ldap

Performs a search for a specified filter on the directory and fire events with results

Synopsys

ldap {
    # ldap hostname
    host => "ldap.forumsys.com"

    # ldap port
    port => 389

    # Base DN
    # If bind_dn is not specified or is empty, an anonymous bind is attempted.
    # This is defined in https://tools.ietf.org/html/rfc2251#section-4.2.2
    base_dn => "dc=example,dc=com"

    # The search filter can be simple or advanced, using boolean operators in the format
    # described in the LDAP documentation (see [RFC4515](http://www.faqs.org/rfcs/rfc4515) for full information on filters).
    search_filter =>"(objectClass=*)"

}

Available settings

Setting Type Info Default value
host string required ""
port int required 389
bind_dn string ""
bind_password string ""
base_dn string required ""
search_base string ""
search_filter string required "(objectClass=*)"
search_attributes array []
search_scope string "subtree"
size_limit int 0
paging_size int 1000
event_by string "entry"
interval string ""
var hash {}
target string "data"

Common Options

Details

host

  • This is a required setting
  • Value type is string
  • Default value is ""
  • ldap hostname

    port

  • This is a required setting
  • Value type is int
  • Default value is 389
  • ldap port

    bind_dn

  • Value type is string
  • Default value is ""
  • Bind dn

    bind_password

  • Value type is string
  • Default value is ""
  • Bind password

    base_dn

  • This is a required setting
  • Value type is string
  • Default value is ""
  • Base DN If bind_dn is not specified or is empty, an anonymous bind is attempted. This is defined in https://tools.ietf.org/html/rfc2251#section-4.2.2

    search_base

  • Value type is string
  • Default value is ""
  • A search base (the distinguished name of the search base object) defines the location in the directory from which the LDAP search begins.

    search_filter

  • This is a required setting
  • Value type is string
  • Default value is "(objectClass=*)"
  • The search filter can be simple or advanced, using boolean operators in the format described in the LDAP documentation (see RFC4515 for full information on filters).

    search_attributes

  • Value type is array
  • Default value is []
  • An array of the required attributes, e.g. [“mail”, “sn”, “cn”].

    Note that the “dn” is always returned irrespective of which attributes types are requested.

    Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values).

    The use of this parameter should therefore be considered good practice.

    search_scope

  • Value type is string
  • Default value is "subtree"
  • The SCOPE setting is the starting point of an LDAP search and the depth from the base DN to which the search should occur.

    There are three options (values) that can be assigned to the SCOPE parameter:

    scope

    size_limit

  • Value type is int
  • Default value is 0
  • Maximum entries to return (leave empty to let the server decide)

    paging_size

  • Value type is int
  • Default value is 1000
  • Desired page size in order to execute LDAP queries to fulfill the search request.

    Set 0 to not use Paging

    event_by

  • Value type is string
  • Default value is "entry"
  • Send an event row by row or one event with all results possible values “entry”, “result”

    interval

  • Value type is string
  • Default value is ""
  • Set an interval when this processor is used as a input

    var

  • Value type is hash
  • Default value is {}
  • You can set variable to be used in Search Query by using ${var}. each reference will be replaced by the value of the variable found in search query content The replacement is case-sensitive.

    target

  • Value type is string
  • Default value is "data"
  • Define the target field for placing the retrieved data. If this setting is omitted, the data will be stored in the “data” field Set the value to “.” to store value to the root (top level) of the event

    Full configuration blueprint

    Expand me...