Search LDAP Entry
Retrieves partial or complete copies of entries matching a given set of criteria.
Description
This step performs an LDAP search operation to retrieve one or more LDAP entries from an external LDAP or Active Directory. Other journey steps may be used to add entries, bind entries, delete entries, modify entries, or modify passwords of entries.
You can specify the LDAP by selecting either an LDAP connection or Active Directory connection. Results are returned based on a given set of search criteria. You can specify a search base DN to specify the base of the subtree in which the search is to be constrained. In addition, a search filter can be configured to specify criteria to use to identify which entries within the "sub" search scope should be returned. If no filter is configured, the "base" search scope is used.
By default, all attributes are returned. However, you can configure to only return a specific set of attributes. Search results are returned in the specified output variable in JSON format. All attributes are represented as string unless you configure to return the specific attribute as Boolean, numeric or a string list.
If the step is successfully completed, the journey continues to the next step, and search results are outputted to the specified variable.
Configuration
Field | Description |
---|---|
LDAP Provider | The LDAP connection or Active Directory connection to use |
Base DN | Partial, comma-separated, LDAP search string, which can be prepended to the search string for a full search. For example: CN=Groups,OU=useast,DC=yourorg,DC=com Note: This must be provided but it may be the null DN. |
Output Variable | Name of the variable used to store the result data created by this step. This data represents the LDAP response, including partial or complete copies of entries that meet the search criteria |
Search Filter | LDAP filter for the search. Use wildcards to retrieve multiple results based on a partial set of attribute names or values. If specified, the search is performed within the "sub" scope; otherwise, the "base" scope is used. |
Specific Attributes to Return | Comma-separated list of attribute descriptions to return. If unspecified, all are returned. |
Boolean Attribute Names | Comma-separated list of attribute descriptions to represent as Boolean in the search result if they are returned. |
Numeric Attribute Names | Comma-separated list of attribute descriptions to represent as numbers in the search result if they are returned. |
String List Attribute Names | Comma-separated list of attribute descriptions to represent as string lists in the search result if they are returned. |
Result Data
The output variable stores the step response object with the following structure:
Field | Description |
---|---|
is_successful |
Boolean. LDAP response which includes the status of the step (success or failure). |
result_code |
Number. LDAP response which includes a numeric result code to categorize the reason for the success or failure. |
error_message |
String. LDAP response message that is included with the result code. |
result |
Array. Results of the LDAP search. All attributes are returned unless only specific attributes to return are configured. Attributes are represented as strings, unless a transformation is configured for them. If no entries match the search criteria, this is returned as empty. |