Retrieve entries from an LDAP server.
Search and list entries based on a filter list for each base DN target.
type: "io.kestra.plugin.ldap.search"Retrieve LDAP entries. In this example, assuming that their is exactly one entry matching each of our filter, the outputs of the task would be four entries in this order (since we search two times in the same baseDn): (dn, description, mail) of {melusine, metatron, melusine, metatron}.
id: ldap_search
namespace: company.team
tasks:
- id: search
type: io.kestra.plugin.ldap.Search
userDn: cn=admin,dc=orga,dc=en
password: admin
baseDn: ou=people,dc=orga,dc=en
filter: (|(sn=melusine*)(sn=metatron*))
attributes:
- description
- mail
hostname: 0.0.0.0
port: 15060
Hostname
Hostname for connection.
Password
User password for connection.
Port
A whole number describing the port for connection.
User
Username for connection.
["*"]Attributes
Specific attributes to retrieve from the filtered entries. Retrieves all attributes by default. Sepcial attributes may be specified : "+" -> OPERATIONAL_ATTRIBUTES "1.1" -> NO_ATTRIBUTES "0.0" -> ALL_ATTRIBUTES_EXCEPT_OPERATIONAL `--> This special attribute canno't be combined with other attributes and the search will ignore everything else.
simplesimplegssapiAuthentication method
Authentication method to use with the LDAP server.
ou=systemBase DN
Base DN target in the LDAP.
(objectclass=*)Filter
Filter for the search in the LDAP.
Kerberos key distribution center
Needed for GSSAPI authentication method. If set, property realm must be set too. If this is not provided, an attempt will be made to determine the appropriate value from the system configuration.
Page size
Enable LDAP paging (RFC2696) and fetch results by chunks of this size.
Use this when you want to RETRIEVE ALL matching entries safely, even if there are more than the server limit (often ~1000). The task will perform multiple paged searches until all entries are collected.
- Typical use case: full export / sync of an LDAP tree.
- Consequence: no truncation, but potentially more requests and longer execution time.
Realm
Needed for GSSAPI authentication method. If set, property kdc must be set too. If this is not provided, an attempt will be made to determine the appropriate value from the system configuration.
Size limit
Maximum number of entries to return.
Use this when you want to LIMIT the total number of results on purpose (sampling / safety). If more entries match the filter, only the first N will be returned.
- Typical use case: you only need a subset (e.g., first 200 users).
- Consequence: results can be TRUNCATED.
SSL Configuration
Configure SSL/LDAPS connection parameters.
{
"name": "SUB"
}SUB
Search scope of the filter : BASE -- Indicates that only the entry specified by the base DN should be considered. ONE -- Indicates that only entries that are immediate subordinates of the entry specified by the base DN (but not the base entry itself) should be considered. SUB -- Indicates that the base entry itself and any subordinate entries (to any depth) should be considered. SUBORDINATE_SUBTREE -- Indicates that any subordinate entries (to any depth) below the entry specified by the base DN should be considered, but the base entry itself should not be considered, as described in draft-sermersheim-ldap-subordinate-scope.
uriResult file URI
A file that contains zero or more matching queries as LDIF formatted strings.
Whether to disable checking of the remote SSL certificate.
Only applies if no trust store is configured. Note: This makes the SSL connection insecure and should only be used for testing. If you are using a self-signed certificate, set up a trust store instead.