Load LDAP
With 'apoc.load.ldap' you can execute queries against any LDAP v3 enabled directory; the results are turned into a stream of entries. The entries can then be used to update or create graph structures.
Note: this utility requires the jldap library to be placed in the plugin directory.
type | qualified name | signature | description |
---|---|---|---|
procedure | apoc.load.ldap | apoc.load.ldap("key" or {connectionMap},{searchMap}) | Load entries from an ldap source (yield entry) |
Parameters
Parameter | Property | Description |
---|---|---|
{connectionMap} | ldapHost | the ldapserver:port; if the port is omitted the default port 389 will be used |
 | loginDN | This is the dn of the ldap server user who has read access on the ldap server |
 | loginPW | This is the password used by the loginDN |
{searchMap} | searchBase | From this entry a search is executed |
 | searchScope | SCOPE_ONE (one level) or SCOPE_SUB (all sub levels) or SCOPE_BASE (only the base node) |
 | searchFilter | Place here a standard ldap search filter, for example: (objectClass=*) means that the ldap entry must have an objectClass attribute. |
 | attributes | optional. If omitted all the attributes of the entries will be returned. When specified only the specified attributes will be returned. Regardless of the attributes setting, a returned entry will always have a "dn" property. |
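The searchFilter string is passed to the directory as-is, so when any part of it comes from user input (a name typed into a form, a parameter of a Cypher query) the value has to be escaped before it is placed inside the filter, otherwise characters such as `(`, `)`, `*` and `\` change the structure of the filter instead of being matched literally. The following Python is an added example, not code from APOC or from this page: it escapes assertion values per RFC 4515, composes filters from escaped parts (including the `(&(objectClass=*)(uniqueMember=*))` filter used on this page), and assembles the {searchMap} with a searchScope check. The function names `escape_filter_value`, `equality_filter`, `presence_filter`, `and_filter` and `build_search_map` are this example's own.

```python
import re

# RFC 4515: these characters (and NUL) must be hex-escaped inside an
# assertion value so they are matched literally.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Attribute descriptions: a letter, then letters/digits/'-'/'.'/';'.
_ATTRIBUTE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9.;-]*$")

VALID_SCOPES = {"SCOPE_ONE", "SCOPE_SUB", "SCOPE_BASE"}


def escape_filter_value(value: str) -> str:
    """Escape a single assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _check_attribute(attribute: str) -> str:
    if not _ATTRIBUTE_RE.match(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return attribute


def equality_filter(attribute: str, value: str) -> str:
    """(attribute=value) where the value is escaped, so '*' is literal."""
    return f"({_check_attribute(attribute)}={escape_filter_value(value)})"


def presence_filter(attribute: str) -> str:
    """(attribute=*): the entry must have this attribute (as in the page's example)."""
    return f"({_check_attribute(attribute)}=*)"


def and_filter(*parts: str) -> str:
    """(&(...)(...)): all parts must match."""
    if not parts:
        raise ValueError("and_filter needs at least one part")
    return "(&" + "".join(parts) + ")"


def build_search_map(search_base: str, search_scope: str, search_filter: str,
                     attributes=None) -> dict:
    """Assemble the {searchMap} argument of apoc.load.ldap."""
    if search_scope not in VALID_SCOPES:
        raise ValueError(f"searchScope must be one of {sorted(VALID_SCOPES)}")
    search_map = {
        "searchBase": search_base,
        "searchScope": search_scope,
        "searchFilter": search_filter,
    }
    if attributes is not None:  # omitted -> all attributes are returned
        search_map["attributes"] = [_check_attribute(a) for a in attributes]
    return search_map


if __name__ == "__main__":
    # Constructed input: a display name containing filter metacharacters.
    untrusted_name = "a*b(c)"
    flt = and_filter(presence_filter("objectClass"),
                     equality_filter("cn", untrusted_name))
    print(flt)  # the metacharacters are escaped, the filter keeps two assertions
    print(build_search_map("dc=example,dc=com", "SCOPE_SUB", flt, ["cn", "uid"]))
```

The resulting map can be passed to `apoc.load.ldap` as a query parameter; the escaping lives in the application code that builds the map, not in the Cypher text.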
Load LDAP Example
```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"},
    {searchBase : "dc=example,dc=com", searchScope : "SCOPE_SUB"
    ,attributes : ["uniqueMember","cn","uid","objectClass"]
    ,searchFilter: "(&(objectClass=*)(uniqueMember=*))"}) yield entry
return entry.dn, entry.uniqueMember
```
entry.dn | entry.uniqueMember |
---|---|
"ou=mathematicians,dc=example,dc=com" | |
"ou=italians,ou=scientists,dc=example,dc=com" | |
```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"},
    {searchBase : "dc=example,dc=com", searchScope : "SCOPE_SUB"
    ,attributes : ["uniqueMember","cn","uid","objectClass"]
    ,searchFilter: "(&(objectClass=*)(uniqueMember=*))"}) yield entry
merge (g:Group {dn : entry.dn})
on create set g.cn = entry.cn
foreach (member in entry.uniqueMember |
    merge (p:Person { dn : member })
    merge (p)-[:IS_MEMBER]->(g)
)
```
Credentials
To protect credentials, you can configure aliases in conf/apoc.conf:
```
apoc.loadldap.myldap.config=<host>:<port> <loginDN> <loginPW>
apoc.loadldap.myldap.config=ldap.forumsys.com:389 cn=read-only-admin,dc=example,dc=com password
```
Then this call:
```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"}
    , {searchBase : "dc=example,dc=com"
    ,searchScope : "SCOPE_SUB"
    ,attributes : ["cn","uid","objectClass"]
    ,searchFilter: "(&(objectClass=*))"
    }) yield entry
return entry.dn, entry
```
becomes:
```cypher
call apoc.load.ldap("myldap"
    ,{searchBase : "dc=example,dc=com"
    ,searchScope : "SCOPE_SUB"
    ,attributes : ["cn","uid","objectClass"]
    ,searchFilter: "(&(objectClass=*))"
    }) yield entry
return entry.dn, entry
```
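The alias keeps the bind password out of query text and query logs, but the line in apoc.conf still has to be right, and a typo in it is only discovered when the procedure fails to bind. The following Python is an added example, not code from APOC or from this page: it reads `apoc.loadldap.<alias>.config` lines from a constructed apoc.conf fragment into the equivalent {connectionMap}, applies the default port 389 when the host carries none (as the ldapHost parameter description states), and renders an alias for a log line with the password masked. It assumes the whitespace-separated `<host>:<port> <loginDN> <loginPW>` layout shown above, so a loginDN containing spaces is rejected rather than silently mis-split; `parse_ldap_aliases` and `describe_alias` are this example's own names.

```python
import re

ALIAS_LINE = re.compile(r"^apoc\.loadldap\.(?P<alias>[^.=\s]+)\.config=(?P<value>.*)$")
DEFAULT_LDAP_PORT = 389  # default named in the ldapHost description

# Constructed apoc.conf fragment: the page's alias plus one without a port.
SAMPLE_CONF = """\
# LDAP aliases used by apoc.load.ldap("<alias>", {searchMap})
apoc.loadldap.myldap.config=ldap.forumsys.com:389 cn=read-only-admin,dc=example,dc=com password
apoc.loadldap.internal.config=ldap.internal.example cn=svc-reader,dc=example,dc=com hunter2
apoc.import.file.enabled=true
"""


def parse_ldap_aliases(conf_text: str) -> dict:
    """Map alias name -> {ldapHost, loginDN, loginPW} from apoc.conf text."""
    aliases = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ALIAS_LINE.match(line)
        if not match:
            continue  # some other apoc.conf setting
        fields = match.group("value").split()  # assumed whitespace-separated layout
        if len(fields) != 3:
            raise ValueError(
                f"line {lineno}: expected '<host>:<port> <loginDN> <loginPW>', "
                f"got {len(fields)} field(s)")
        hostport, login_dn, login_pw = fields
        host, _, port = hostport.partition(":")
        if not host:
            raise ValueError(f"line {lineno}: missing host")
        if port:
            if not port.isdigit() or not 1 <= int(port) <= 65535:
                raise ValueError(f"line {lineno}: invalid port {port!r}")
            port_num = int(port)
        else:
            port_num = DEFAULT_LDAP_PORT
        aliases[match.group("alias")] = {
            "ldapHost": f"{host}:{port_num}",
            "loginDN": login_dn,
            "loginPW": login_pw,
        }
    return aliases


def describe_alias(alias: str, cfg: dict) -> str:
    """One-line summary safe for logs: the password is never included."""
    return f"{alias}: ldapHost={cfg['ldapHost']} loginDN={cfg['loginDN']} loginPW=***"


if __name__ == "__main__":
    for name, cfg in parse_ldap_aliases(SAMPLE_CONF).items():
        print(describe_alias(name, cfg))
```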