Discussion:
Get Password attribute value from LDAP Server Connector
Shashi Booshan
2017-12-14 08:35:20 UTC
Hi Everyone,

I have been stuck on this for a long time. I am getting the changed password values from my LDAP Server to my TDI LDAP Server Connector.
{
"ldap.messageid": "2",
"ldap.operation": "modify",
"ldap.controls": "[OID: 2.16.840.1.113730.3.4.2, criticality=false, value=null]",
"ldap.entry": "{
"ibm-diPassword": [
"replace",
"Welcome1"
],
"ibm-diTimestamp": [
"replace",
"20171212162829.6+0800"
]
}",
"ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
"ldap.ipaddress": "/10.254.4.33"
}

I am able to get the entire "ldap.entry" value to a variable, but I am able to get only "ibm-diPassword" attribute.

I want to get the values like below

User ID: ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com
Password: Welcome1

in a Text File.

Please help.

Thanks in Advance

Shashi
Eddie Hartman
2017-12-14 18:38:49 UTC
Hi Shashi,

You do NOT want to use an AL with the LDAP Server Connector to catch password change data from the plugin. You will want a highly available Password Store - either an LDAP Server (like AD itself) or a message queue.

The password catcher plugin writes a special Password Change Entry (custom class which is standard in SDS). This only has the user id (ibm-diUserId), the timestamp (ibm-diTimestamp) and the password (ibm-diPassword). To get the user entry you have to perform a search using the ibm-diUserId, which should be the login of that User (e.g. uid or cn)

Hope this helps!
-Eddie
Shashi Booshan
2017-12-20 07:44:38 UTC
Post by Eddie Hartman
Hi Shashi,
You do NOT want to use an AL with the LDAP Server Connector to catch password change data from the plugin. You will want a highly available Password Store - either an LDAP Server (like AD itself) or a message queue.
The password catcher plugin writes a special Password Change Entry (custom class which is standard in SDS). This only has the user id (ibm-diUserId), the timestamp (ibm-diTimestamp) and the password (ibm-diPassword). To get the user entry you have to perform a search using the ibm-diUserId, which should be the login of that User (e.g. uid or cn)
Hope this helps!
-Eddie
Thank you very much Eddie. Please shed some more light on how to retrieve the ibm-diPassword attribute value from the ldap.entry object
"ldap.entry": "{
"ibm-diPassword": [
"replace",
"Welcome1"
],
"ibm-diTimestamp": [
"replace",
"20171212162829.6+0800"
]
}",
"ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
"ldap.ipaddress": "/10.254.4.33"
}

I tried all getValue(), getString, getWorkObject, even tried getting it as a JSON array, but everything failed.
Shashi Booshan
2017-12-20 07:48:31 UTC
Post by Eddie Hartman
Hi Shashi,
You do NOT want to use an AL with the LDAP Server Connector to catch password change data from the plugin. You will want a highly available Password Store - either an LDAP Server (like AD itself) or a message queue.
The password catcher plugin writes a special Password Change Entry (custom class which is standard in SDS). This only has the user id (ibm-diUserId), the timestamp (ibm-diTimestamp) and the password (ibm-diPassword). To get the user entry you have to perform a search using the ibm-diUserId, which should be the login of that User (e.g. uid or cn)
Hope this helps!
-Eddie
Thank you very much Eddie. Please shed some more light on how to retrieve the ibm-diPassword attribute value from the ldap.entry object. I mean I want to read LDAP modify entry from LDAP server connector.
"ldap.entry": "{
"ibm-diPassword": [
"replace",
"Welcome1"
],
"ibm-diTimestamp": [
"replace",
"20171212162829.6+0800"
]
}",
"ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
"ldap.ipaddress": "/10.254.4.33"
}

I tried all getValue(), getString, getWorkObject, even tried getting it as a JSON array, but everything failed.
Eddie Hartman
2017-12-20 17:17:09 UTC
Post by Shashi Booshan
Post by Eddie Hartman
Hi Shashi,
You do NOT want to use an AL with the LDAP Server Connector to catch password change data from the plugin. You will want a highly available Password Store - either an LDAP Server (like AD itself) or a message queue.
The password catcher plugin writes a special Password Change Entry (custom class which is standard in SDS). This only has the user id (ibm-diUserId), the timestamp (ibm-diTimestamp) and the password (ibm-diPassword). To get the user entry you have to perform a search using the ibm-diUserId, which should be the login of that User (e.g. uid or cn)
Hope this helps!
-Eddie
Thank you very much Eddie. Please shed some more light on how to retrieve the ibm-diPassword attribute value from the ldap.entry object. I mean I want to read LDAP modify entry from LDAP server connector.
"ldap.entry": "{
"ibm-diPassword": [
"replace",
"Welcome1"
],
"ibm-diTimestamp": [
"replace",
"20171212162829.6+0800"
]
}",
"ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
"ldap.ipaddress": "/10.254.4.33"
}
I tried all getValue(), getString, getWorkObject, even tried getting it as a JSON array, but everything failed.
Are you still using the LDAPServer Connector? I told you this was a dangerous path, since you will have to ensure your LDAPServer based AL is highly available, or the plugin will fail. Better to write directly to AD and listen for changes. Or use the queue (TDI System Queue, which is Apache MQ under the covers).

But to answer your question, you can see from the dump above that the 'ldap.entry' attribute value is itself an entry object. So you need to do this:

ldapEntry = work.getObject("ldap.entry"); // Get Entry object stored as value
newPassword = ldapEntry.getString("ibm-diPassword"); // Get pwd from ldap Entry
Shashi Booshan
2018-01-02 09:20:19 UTC
Post by Eddie Hartman
Post by Shashi Booshan
Post by Eddie Hartman
Hi Shashi,
You do NOT want to use an AL with the LDAP Server Connector to catch password change data from the plugin. You will want a highly available Password Store - either an LDAP Server (like AD itself) or a message queue.
The password catcher plugin writes a special Password Change Entry (custom class which is standard in SDS). This only has the user id (ibm-diUserId), the timestamp (ibm-diTimestamp) and the password (ibm-diPassword). To get the user entry you have to perform a search using the ibm-diUserId, which should be the login of that User (e.g. uid or cn)
Hope this helps!
-Eddie
Thank you very much Eddie. Please shed some more light on how to retrieve the ibm-diPassword attribute value from the ldap.entry object. I mean I want to read LDAP modify entry from LDAP server connector.
"ldap.entry": "{
"ibm-diPassword": [
"replace",
"Welcome1"
],
"ibm-diTimestamp": [
"replace",
"20171212162829.6+0800"
]
}",
"ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
"ldap.ipaddress": "/10.254.4.33"
}
I tried all getValue(), getString, getWorkObject, even tried getting it as a JSON array, but everything failed.
Are you still using the LDAPServer Connector? I told you this was a dangerous path, since you will have to ensure your LDAPServer based AL is highly available, or the plugin will fail. Better to write directly to AD and listen for changes. Or use the queue (TDI System Queue, which is Apache MQ under the covers).
ldapEntry = work.getObject("ldap.entry"); // Get Entry object stored as value
newPassword = ldapEntry.getString("ibm-diPassword"); // Get pwd from ldap Entry
Thank you very much Eddie. I got the value from below
ldapEntry = work.getObject("ldap.entry");
cPass = ldapEntry["ibm-diPassword"][1];

Thanks again.
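
The lookup this thread arrives at, as an added example that is not part of the original posts and is not TDI/SDS code: it models the dumped work entry as a plain JavaScript object (constructed from the dump above) to show why index 1 holds the password in a modify, and how to pull the user id out of ldap.dn. The function names, the modification type names other than "replace", and the audit line format are assumptions made for illustration.

```javascript
// Added example; plain JavaScript, no TDI classes. SAMPLE_WORK is constructed
// from the dump in the thread: in a modify, each attribute's value list is
// [modification type, value, ...].
const SAMPLE_WORK = {
  "ldap.operation": "modify",
  "ldap.dn": "ibm-diUserId=AETELECOM,ou=PasswordStore,dc=com",
  "ldap.entry": {
    "ibm-diPassword": ["replace", "Welcome1"],
    "ibm-diTimestamp": ["replace", "20171212162829.6+0800"],
  },
};

// LDAP modification types; only "replace" appears in the thread's dump.
const MOD_TYPES = ["add", "replace", "delete"];

// Return the values of one attribute without the leading modification type.
function modifiedValues(work, attr) {
  const list = (work["ldap.entry"] || {})[attr];
  if (!Array.isArray(list) || list.length === 0) return [];
  // Only a modify carries the type in slot 0; decide by operation, not by
  // content, or a password that happens to be "replace" would be dropped.
  if (work["ldap.operation"] !== "modify") return list.slice();
  if (!MOD_TYPES.includes(String(list[0]).toLowerCase())) {
    throw new Error("unexpected modification type for " + attr);
  }
  return list.slice(1);
}

// Pull the ibm-diUserId value out of the first RDN, honouring DN escapes.
function userIdFromDn(dn) {
  const m = /^ibm-diUserId=((?:\\.|[^,\\])+)/i.exec(dn || "");
  if (!m) return null;
  return m[1].replace(/\\([0-9A-Fa-f]{2}|.)/g, (_, e) =>
    e.length === 2 ? String.fromCharCode(parseInt(e, 16)) : e);
}

function passwordChange(work) {
  const [password] = modifiedValues(work, "ibm-diPassword");
  const [timestamp] = modifiedValues(work, "ibm-diTimestamp");
  const userId = userIdFromDn(work["ldap.dn"]);
  if (!userId || password === undefined) return null; // not a password change
  return { userId, password, timestamp };
}

// Line for logs and debug output: identifies the change, omits the secret.
function auditLine(change) {
  return `user=${change.userId} changed=${change.timestamp} password=[redacted]`;
}
```
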
