Use this if:

  1. You are running a simple or list LDAP loader (any type)
  2. You need to dereference LDAP objects
  3. The attribute that identifies the user cannot be converted by text manipulation to a subjectId or subjectIdentifier
  4. There are any number of lookups per day


Group in LDAP


User in LDAP


Ignore the fact that the RDN of the user DN contains the subject ID in this example. If that is the case for you, you can simply unpack it from the DN instead of doing a lookup.

The list loader job will:

  1. Filter the groups
  2. Return the member attribute of the users (the user DNs)
  3. If the bulk filter has not run recently (in the last day in this case), run it and cache the results
  4. Note that dn is the query attribute (it is not really an attribute, but that is fine). It is the query attribute because it is the value looked up in the cache
  5. The uid is the result attribute of the filter
  6. Look the value up in the memory cache (a per-subject filter is not run if the value is not found)
  7. Get the uid attribute of the user from the cache
  8. Use that as the subjectId
  9. Store the groups in the "test:ldap" folder

The important part of this config is the subject expression:

 ${ldapLookup.assignLdapConfigId('personLdap').assignAttributeNameQuery('dn').assignTerm(subjectId).assignSearchDn('ou=People,dc=example,dc=edu').assignSearchScope('SUBTREE_SCOPE').assignFilter('(uid=*)').assignAttributeNameResult('uid').assignBulkLookup(true).assignCacheForMinutes(24*60).doLookup()}


Each time you run the job it will run the LDAP filter only if it has not done so recently (the TTL is set by the cache timeout, assignCacheForMinutes).
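To make the caching behaviour concrete, here is an added model of the bulk lookup described above, written in Python. It is not Grouper code; it mirrors the settings in the subject expression (one bulk filter '(uid=*)' under the search DN, results cached by the dn query attribute for 24*60 minutes, uid as the result attribute) against a constructed in-memory directory, so that you can see that a cache miss returns nothing rather than triggering a per-subject LDAP search, and that the filter reruns only once the TTL has expired. The directory entries, the FAKE_DIRECTORY name and the injectable clock are all assumptions for the example.

```python
"""Model of a bulk LDAP lookup cache (added example, not Grouper's implementation).

Mirrors the subject expression on this page: one bulk filter '(uid=*)' with
SUBTREE_SCOPE under the search DN runs at most once per TTL, the results are
cached keyed by the query attribute ('dn'), and each subject lookup reads the
result attribute ('uid') from the cache without issuing a per-subject filter.
"""
import time

# Constructed stand-in for the directory (dn -> attributes); hypothetical values.
FAKE_DIRECTORY = {
    "uid=jsmith,ou=People,dc=example,dc=edu": {"uid": ["jsmith"], "cn": ["John Smith"]},
    "uid=mjones,ou=People,dc=example,dc=edu": {"uid": ["mjones"], "cn": ["Mary Jones"]},
    "uid=svc-app,ou=Services,dc=example,dc=edu": {"uid": ["svc-app"]},
}


def bulk_filter(search_dn, result_attr):
    """Stand-in for the LDAP search '(<result_attr>=*)' under search_dn (SUBTREE_SCOPE)."""
    return {
        dn: attrs
        for dn, attrs in FAKE_DIRECTORY.items()
        if dn.lower().endswith("," + search_dn.lower()) and result_attr in attrs
    }


class LdapLookupCache:
    """Caches the bulk filter result and answers lookups from memory until the TTL expires."""

    def __init__(self, search_dn, attribute_name_query="dn", attribute_name_result="uid",
                 cache_for_minutes=24 * 60, clock=time.time):
        self.search_dn = search_dn
        self.attribute_name_query = attribute_name_query
        self.attribute_name_result = attribute_name_result
        self.ttl_seconds = cache_for_minutes * 60
        self.clock = clock  # injectable for testing TTL expiry
        self._cache = {}
        self._loaded_at = None
        self.filter_runs = 0  # how many times the bulk filter actually hit the directory

    def _refresh_if_stale(self):
        now = self.clock()
        if self._loaded_at is not None and now - self._loaded_at < self.ttl_seconds:
            return  # cache still within TTL: no LDAP traffic
        entries = bulk_filter(self.search_dn, self.attribute_name_result)
        self.filter_runs += 1
        self._cache = {}
        for dn, attrs in entries.items():
            # 'dn' is not a real attribute, so it is taken from the entry's DN itself
            if self.attribute_name_query == "dn":
                key = dn
            else:
                key = attrs[self.attribute_name_query][0]
            self._cache[key] = attrs[self.attribute_name_result][0]
        self._loaded_at = now

    def do_lookup(self, term):
        """Return the result attribute for `term`, or None on a miss (no per-subject filter)."""
        self._refresh_if_stale()
        return self._cache.get(term)


if __name__ == "__main__":
    cache = LdapLookupCache("ou=People,dc=example,dc=edu")
    print(cache.do_lookup("uid=jsmith,ou=People,dc=example,dc=edu"))  # jsmith
    print(cache.do_lookup("uid=svc-app,ou=Services,dc=example,dc=edu"))  # None (outside search DN)
    print(cache.filter_runs)  # 1: both lookups served by a single bulk filter
```

Because a miss returns None, a member DN that lies outside the search DN (or an entry without a uid) simply yields no subject; if that happens for expected members, widen assignSearchDn or check the filter rather than expecting the loader to fall back to a per-subject search.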
