Active Directory Integration with MuleSoft LDAP connector


What is Active Directory (AD)?

AD is a directory service developed by Microsoft for Windows domain networks. It is a centralised database that stores information about network resources such as user accounts, computers, printers, and other network devices. AD provides authentication and authorisation services, allowing users to access network resources based on their permissions and group memberships.

How to connect to Active Directory

We connect to AD using the Lightweight Directory Access Protocol (LDAP), a protocol for accessing and managing directory information services over an IP network.

In MuleSoft, we have a connector called ‘LDAP’, which we can use to connect to AD. Before running any LDAP operation against AD, we first need to define a global connection configuration for it.

We can achieve this using two methods: 

  1. Basic Configuration
  2. SSL Configuration

Global configuration details

Below is a global configuration using ‘Basic Configuration’.

In ‘Basic Configuration’, we need the following parameters to connect to AD:

  1. Principal DN: The Distinguished Name (DN) of the user – the Common Name (CN) is part of the DN, which uniquely identifies an entry within the directory tree. The DN typically consists of the CN attribute and other attributes like Organisational Unit (OU), Domain Component (DC), etc.
  2. Password: The user’s password.
  3. URL: The connection URL to the LDAP server. Use port 389 for LDAP communication without encryption.

Below is a global configuration using ‘SSL Configuration’.

  • Here, we can use the Principal DN and password used earlier, but the URL and security details will change.
  • For ‘SSL Configuration’, we need to change the scheme in the URL from LDAP to LDAPS and change the port from 389 (LDAP) to 636 (LDAPS).
  • In short, port 389 is used for LDAP communication without encryption, while port 636 is used for LDAP communication with encryption via SSL/TLS, providing a higher level of security for sensitive data transmitted over the network.

Add security information in the Security tab in the LDAP configuration:

When using SSL, we need to configure a TrustStore holding the certificate that the connector should trust. We can configure the TrustStore in the Security tab.

In the above example, I have configured the ldap-truststore.jks file, which resides in the src/main/resources folder, as the TrustStore Path; the ldap-truststore.jks file is protected by the TrustStore password.

I received the client certificate (.cer) file and added it to the ldap-truststore.jks file.

Since I am planning to deploy this application to CloudHub, the Mule expression ${mule.home}/apps/${app.name}/ldap-truststore.jks is used to pick up the ldap-truststore.jks file from the src/main/resources folder.

Let’s get started with the integration

Search

Follow the steps below to search for user information in AD.

Here, the search is performed using the Filter attribute, and the response depends on the field we use in the Filter.

  • Base DN: The base DN of the LDAP search.
  • Filter: A filter string – we used employeeID=12345 in the above example.

Please note that the field we use in the Filter must exist in AD; if it does not, we get an empty response.
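The filter value in the example above (12345) is a literal, but in a real flow it usually comes from the request. Wherever the filter string is assembled (in DataWeave in a Mule flow, or in any other client), characters that have a structural meaning in an LDAP filter must be escaped as defined in RFC 4515, otherwise a caller-supplied value can change which entries the search matches. The following Python is an added example that is not part of the original post and not the connector's own code; it shows the escaping rule and builds the same employeeID filter, wrapped in the parentheses that RFC 4515 requires. The constructed hostile input and the attribute-name check are assumptions for the demonstration.

```python
import re

# Added example (not from the original post): escape values before they are
# placed in an RFC 4515 search filter such as (employeeID=12345).

# Characters that carry structural meaning inside a filter assertion value and
# their \XX hex escapes. The backslash entry is handled like any other single
# character, so escapes produced here are never re-escaped.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Assumption: attribute names are restricted to the alphanumeric/hyphen form
# (employeeID, objectClass, sAMAccountName); numeric OID forms are not accepted.
_ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Return value with every RFC 4515 special character hex-escaped."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_attribute_name(attribute: str) -> bool:
    """True if attribute looks like a plain LDAP attribute description."""
    return _ATTRIBUTE_NAME.fullmatch(attribute) is not None


def equality_filter(attribute: str, value: str) -> str:
    """Build '(attribute=value)' with the value escaped.

    The attribute name is validated rather than escaped: it is expected to be
    a constant chosen by the developer, never taken from the caller.
    """
    if not is_valid_attribute_name(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def and_filter(*filters: str) -> str:
    """Combine already-built filters with the RFC 4515 AND operator."""
    return "(&" + "".join(filters) + ")"


if __name__ == "__main__":
    # The filter from the post, built from a dynamic value.
    print(equality_filter("employeeID", "12345"))           # (employeeID=12345)

    # Constructed hostile input: unescaped, the text "*)(objectClass=*" would
    # turn the filter into (employeeID=*)(objectClass=*), which no longer means
    # "the entry with this employee ID". Escaped, it is just a literal value
    # that matches nothing.
    print(equality_filter("employeeID", "*)(objectClass=*"))

    # Narrowing the search to user objects, as a defender would normally do.
    print(and_filter(equality_filter("objectClass", "user"),
                     equality_filter("employeeID", "12345")))
```

The same rule applies to any value interpolated into the Filter field of the connector's Search operation: validate attribute names against a fixed list and escape values; never concatenate raw input.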

DataWeave transformer, which transforms the response payload to JSON:

For the search string we passed in the filter, we get the response below from AD. I have included a few of the fields below:

Modify entry

Follow the steps below to modify an entry in AD.

  • The above DataWeave transform updates the attribute ‘customattributeName’ with the value ‘attributeValue’.
  • Here, ‘employeeName’ is dynamic: we replace it with the name of the entry whose ‘customattributeName’ we want to update.

Below is a DataWeave example where I modified the ‘externalAttribute’ of ‘Mule’ with the value ‘12345’.
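Because ‘employeeName’ is dynamic, it ends up inside the Distinguished Name of the entry being modified, and DN components have their own escaping rules (RFC 4514) that differ from the filter rules. The following Python is an added example, not the post's DataWeave and not the connector's code; it escapes the name, builds the DN, and shapes the Modify request as a plain map of dn plus attribute/value. The base DN OU=Users,DC=example,DC=com and the exact request shape are assumptions for the demonstration; the shape the connector's Modify operation expects should be taken from the ldap-connector-reference.

```python
import re

# Added example (not from the original post): build the DN of the entry to
# modify from a dynamic employee name, escaping per RFC 4514.

# Assumption: users live under this base DN. Replace with the real one.
BASE_DN = "OU=Users,DC=example,DC=com"

# Characters that must be backslash-escaped anywhere in an attribute value of
# a DN component.
_DN_SPECIAL = set(',+"\\<>;')

_ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use in a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == "#" and i == 0:          # '#' is special only at the start
            out.append(r"\#")
        elif ch == " " and i in (0, last):  # spaces are special at either end
            out.append(r"\ ")
        else:
            out.append(ch)
    return "".join(out)


def entry_dn(employee_name: str, base_dn: str = BASE_DN) -> str:
    """DN of the user entry named employee_name under base_dn."""
    return f"CN={escape_dn_value(employee_name)},{base_dn}"


def modify_request(employee_name: str, attribute: str, value: str) -> dict:
    """Shape the modification as {dn, attribute: value}.

    Assumption: the Modify operation is fed a map with the target dn and the
    attribute(s) to set. Attribute names are validated, not escaped, because
    they should be developer-chosen constants.
    """
    if not _ATTRIBUTE_NAME.fullmatch(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return {"dn": entry_dn(employee_name), attribute: value}


if __name__ == "__main__":
    # The modification from the post: externalAttribute of 'Mule' set to 12345.
    print(modify_request("Mule", "externalAttribute", "12345"))

    # Constructed name containing a comma: unescaped it would split the DN into
    # an extra component; escaped it stays one CN value.
    print(entry_dn("Smith, John"))
```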

Reference link: ldap-connector-reference
