Datapower Custom RBM LDAP

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" 
    xmlns:dp="http://www.datapower.com/extensions" 
    xmlns:regexp="http://exslt.org/regular-expressions" 
    extension-element-prefixes="dp regexp" 
    exclude-result-prefixes="dp regexp"
    version="1.0">
    
    <xsl:output method="text"/>
    
    <!--+
        Expected input document looks like this:
            <credentials>
                <entry type="ldap">uid=sarah,ou=users,dc=ibmdemo,dc=com</entry>
            </credentials>
        +-->
    
    <!-- RBM role templates. Each rbm-template carries @name (the role), @privileged
         and access-policy children whose text contains a DOMAIN_ID placeholder. -->
    <xsl:variable name="rbmfile" select="'local:///rbmTemplates.xml'"/>
    <xsl:variable name="rbm-templates" select="document($rbmfile)"/>

    <!-- LDAP connection. 'ldapServerIP' holds a host name despite its name. -->
    <xsl:variable name="ldapServerIP" select="'kaplang'"/>
    <xsl:variable name="ldapServerPort" select="'11389'"/>
    <xsl:variable name="ldapVersion" select="'v3'"/>
    <!-- NOTE(review): left empty, so no TLS profile is applied; assuming this is the
         parameter that enables TLS for dp:ldap-search, the bind DN/password and
         the search below cross the network in clear text. Set a profile that also
         validates the directory's server certificate. -->
    <xsl:variable name="sslProxyProfile" select="''"/>
    <xsl:variable name="ldapLBGroup" select="''"/>

    <!-- Bind identity. NOTE(review): a hard-coded directory password in a stylesheet
         travels with every export/backup of the domain and into source control.
         Source it from the appliance's credential store instead (a password alias
         object, if the firmware in use supports one) and bind as a read-only
         service account limited to the group tree rather than an admin-looking DN. -->
    <xsl:variable name="bindDN" select="'uid=admin,ou=system'"/>
    <xsl:variable name="bindPW" select="'mysecret'"/>

    <!-- Group lookup: USER_DN in the filter is replaced with the authenticated
         user's DN before the search runs; cn of each matching group is returned. -->
    <xsl:variable name="targetDN" select="'ou=domains,dc=ibm,dc=com'"/>
    <xsl:variable name="attributeName" select="'cn'"/>
    <xsl:variable name="filterTemplate" select="'(&amp;(objectClass=groupOfNames)(member=USER_DN))'"/>
    
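    <!--+
        Entry point. Finds every group under $targetDN that lists the
        authenticated user as a member and turns each group into RBM access
        policies. Group DNs are expected to look like
        cn=ROLE,ou=DOMAIN,ou=domains,...: the ou= RDN names the DataPower
        domain and the group's cn is the role matched against
        rbm-template/@name in $rbmfile.
        +-->
    <xsl:template match="/">
        <!-- The first <entry> wins (the input comment documents a single one).
             NOTE(review): @type is not checked, so a non-LDAP entry would be
             used as the DN; an empty document yields an empty member value. -->
        <xsl:variable name="authenticatedUserDN" select="credentials/entry"/>

        <!-- Escape the DN per RFC 4515 before splicing it into the filter, so
             a DN containing '\', '*', '(' or ')' (all legal in RFC 4514 DNs,
             e.g. cn=Smith\, John) cannot change the filter's structure. -->
        <xsl:variable name="escapedUserDN">
            <xsl:call-template name="ldap-filter-escape">
                <xsl:with-param name="value" select="string($authenticatedUserDN)"/>
            </xsl:call-template>
        </xsl:variable>
        <xsl:variable name="filter" select="regexp:replace($filterTemplate,'USER_DN','g',string($escapedUserDN))"/>

        <xsl:variable name="search-results" select="dp:ldap-search(
            $ldapServerIP, $ldapServerPort,
            $bindDN, $bindPW,
            $targetDN,
            $attributeName,
            $filter,
            'sub',
            $sslProxyProfile,
            $ldapLBGroup,
            $ldapVersion)"/>

        <xsl:for-each select="$search-results/LDAP-search-results/result">
            <!-- Capture group 1 is the domain OU; regexp:match yields an empty
                 node-set when the DN has some other shape. -->
            <xsl:variable name="domain" select="regexp:match(DN,'^cn=[^,]+,ou=([^,]+)')[2]"/>
            <xsl:choose>
                <xsl:when test="string($domain) != ''">
                    <xsl:call-template name="create-access-profiles">
                        <xsl:with-param name="domain" select="$domain"/>
                        <xsl:with-param name="role" select="attribute-value[@name='cn']"/>
                    </xsl:call-template>
                </xsl:when>
                <xsl:otherwise>
                    <!-- Fail closed: with no domain, DOMAIN_ID would be replaced
                         by the empty string, which likely widens the policy
                         rather than restricting it. Log and skip the group. -->
                    <xsl:message>
                        <xsl:value-of select="concat('RBM: ignoring group with unexpected DN: ', DN)"/>
                    </xsl:message>
                </xsl:otherwise>
            </xsl:choose>
        </xsl:for-each>

    </xsl:template>

    <!--+
        Escapes one LDAP filter assertion value per RFC 4515 section 3:
        backslash, asterisk and parentheses become \5c, \2a, \28 and \29
        (NUL cannot occur in XML text). Uses plain XPath 1.0 string functions,
        one character per recursion, so the result does not depend on how the
        regexp extension treats backslashes in a replacement string.
        +-->
    <xsl:template name="ldap-filter-escape">
        <xsl:param name="value"/>
        <xsl:if test="$value != ''">
            <xsl:variable name="ch" select="substring($value, 1, 1)"/>
            <xsl:choose>
                <xsl:when test="$ch = '\'">\5c</xsl:when>
                <xsl:when test="$ch = '*'">\2a</xsl:when>
                <xsl:when test="$ch = '('">\28</xsl:when>
                <xsl:when test="$ch = ')'">\29</xsl:when>
                <xsl:otherwise><xsl:value-of select="$ch"/></xsl:otherwise>
            </xsl:choose>
            <xsl:call-template name="ldap-filter-escape">
                <xsl:with-param name="value" select="substring($value, 2)"/>
            </xsl:call-template>
        </xsl:if>
    </xsl:template>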
    
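    <!--+
        Emits the access policies for one (domain, role) pair: every
        access-policy of the rbm-template whose @name equals the role and
        whose @privileged matches whether the domain is 'default', with
        DOMAIN_ID replaced by the domain name. Each policy is also written
        to the log via xsl:message.
        NOTE(review): $domain comes from an LDAP OU name and is spliced into
        the policy text verbatim; if the policy syntax treats characters such
        as '*' as wildcards, an OU named that way would broaden the policy.
        Validating the domain against the expected character set is advisable.
        +-->
    <xsl:template name="create-access-profiles">
        <xsl:param name="domain"/>
        <xsl:param name="role"/>

        <!-- Only groups in the 'default' domain may select privileged templates. -->
        <xsl:variable name="priv">
            <xsl:choose>
                <xsl:when test="$domain = 'default'">true</xsl:when>
                <xsl:otherwise>false</xsl:otherwise>
            </xsl:choose>
        </xsl:variable>

        <xsl:for-each select="$rbm-templates/rbm-templates/rbm-template[(@name=$role) and (@privileged=$priv)]/access-policy">
            <!-- Expand the placeholder once for both the log line and the output.
                 The terminator is written as &#10; on purpose: a literal line
                 break inside an attribute value is normalised to a space by the
                 XML parser, so the original never actually emitted a newline. -->
            <xsl:variable name="policy" select="concat(regexp:replace(.,'DOMAIN_ID','g',$domain),'&#10;')"/>
            <xsl:message><xsl:value-of select="$policy"/></xsl:message>
            <xsl:value-of select="$policy"/>
        </xsl:for-each>
    </xsl:template>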
    
</xsl:stylesheet>


  1. Hello Michel,

    I have a requirement not to authenticate one particular user against LDAP: it is a DataPower local account used by code, and the LDAP team does not want it making constant calls to LDAP. All other users in the RBM XML file have to be authenticated via LDAP.

    I wanted to come up with a stylesheet in order to achieve the above; could you please help me in this regard?

    Regards,
    Shiva
