How do I connect to LDAPS from within an IG 5.x Groovy script using the LdapClient class?

Last updated Apr 7, 2021

The purpose of this article is to provide information on connecting to LDAPS from within an IG Groovy script using the LdapClient class.


Archived

This article has been archived and is no longer maintained by ForgeRock.

Connecting to LDAPS

As of IG 6, the documentation provides scripts that can be used in a ScriptableFilter for both LDAP and LDAPS authentication: Gateway Guide › Scripting Authentication to LDAP-Enabled Servers. You can use this information in IG 5.x as well.

Alternatively, the following script provides a simple example using the LdapClient class to connect to LDAPS using ldapOptions; again this script can be used in a ScriptableFilter for authentication:

    import org.forgerock.opendj.ldap.*
    import org.forgerock.openam.ldap.LDAPUtils
    import org.forgerock.opendj.security.SslContextBuilder
    import org.forgerock.opendj.security.*
    .....
    ldapOptions = ldap.defaultOptions(context)
    if (ssl) {
        SslContextBuilder builder = new SslContextBuilder();
        // trustAll() accepts any server certificate; see the notes below.
        builder.trustManager(TrustManagers.trustAll());
        // Restrict the connection to the secure protocol versions defined by LDAPUtils.
        SslOptions sslOptions = SslOptions.newSslOptions(builder.build()).enabledProtocols(LDAPUtils.LDAP_SECURE_PROTOCOLS);
        ldapOptions = ldapOptions.set(CommonLdapOptions.SSL_OPTIONS, sslOptions);
    }
    .....
    client = ldap.connect(host, port as Integer, ldapOptions)

You should be aware of the following with this script example:

  • The SslContextBuilder class has been removed in IG 6.5. See IG 6.5 Release Notes › Important Changes to Existing Functionality (DS API Change for Secure LDAP Connection) for further information on how this change affects this example script.
  • This script assumes ssl is passed in as a boolean flag; if you know you will always use SSL, you can remove the if check and run its contents unconditionally.
  • The script also calls builder.trustManager(TrustManagers.trustAll()), which makes initial setup simpler because you do not need to import certificates or configure keystores. However, it means the server's certificate is accepted without validation, so it may not be appropriate in a production setup.

Note

You should ensure your LDAPS clients are configured correctly; see How do I configure LDAPS clients in DS 5.x and 6.x? for further information.
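
As a counterpart to the trustAll() call discussed above, the following added example (not ForgeRock code) replaces it with a trust manager built from a truststore using standard JDK classes, while keeping the article's IG 5.x calls for everything else. The truststore path, its PKCS12 type and the LDAPS_TRUSTSTORE_PASSWORD environment variable are assumptions chosen for illustration.

```groovy
// Added example: validate the LDAPS server certificate instead of trusting all.
// The path, store type and environment variable name below are assumptions.
import java.security.KeyStore
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import org.forgerock.opendj.ldap.*
import org.forgerock.openam.ldap.LDAPUtils
import org.forgerock.opendj.security.*

// Build a JDK trust manager from a truststore that holds only the CA
// (or server) certificate of the directory you expect to connect to.
X509TrustManager loadTrustManager(String path, char[] password) {
    KeyStore trustStore = KeyStore.getInstance("PKCS12")
    new File(path).withInputStream { trustStore.load(it, password) }
    // An empty store would only fail later, during the handshake; fail early instead.
    if (trustStore.size() == 0) {
        throw new IllegalStateException("Truststore ${path} contains no certificates")
    }
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)
    return tmf.trustManagers.find { it instanceof X509TrustManager } as X509TrustManager
}

ldapOptions = ldap.defaultOptions(context)
if (ssl) {
    // Keep the password out of the script itself (assumed environment variable).
    char[] password = System.getenv("LDAPS_TRUSTSTORE_PASSWORD")?.toCharArray()
    if (password == null) {
        throw new IllegalStateException("LDAPS_TRUSTSTORE_PASSWORD is not set")
    }
    SslContextBuilder builder = new SslContextBuilder()
    // Certificate chains that do not lead to an entry in the truststore are rejected.
    // Hostname checking is not configured here.
    builder.trustManager(loadTrustManager("/path/to/ig-truststore.p12", password))
    SslOptions sslOptions = SslOptions.newSslOptions(builder.build()).enabledProtocols(LDAPUtils.LDAP_SECURE_PROTOCOLS)
    ldapOptions = ldapOptions.set(CommonLdapOptions.SSL_OPTIONS, sslOptions)
}

client = ldap.connect(host, port as Integer, ldapOptions)
```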

See Also

API Javadoc › Class LdapClient


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.