DataPower Custom RBM LDAP

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" 
    xmlns:dp="http://www.datapower.com/extensions" 
    xmlns:regexp="http://exslt.org/regular-expressions" 
    extension-element-prefixes="dp regexp" 
    exclude-result-prefixes="dp regexp"
    version="1.0">
    
    <!-- The result is emitted as plain text: one access-policy string per matching template entry. -->
    <xsl:output method="text"/>
    
    <!--+
        Expected input document looks like this:
            <credentials>
                <entry type="ldap">uid=sarah,ou=users,dc=ibmdemo,dc=com</entry>
            </credentials>
        +-->
    
    <!--
        LDAP connection settings, passed positionally to dp:ldap-search in the root template.
        Despite its name, ldapServerIP holds a host name here.
    -->
    <xsl:variable name="ldapServerIP" select="'kaplang'"/>
    <xsl:variable name="ldapServerPort" select="'11389'"/>
    <!--
        NOTE(review): the bind DN looks like a directory administrator account. A group lookup only
        needs read access below targetDN, so a dedicated least-privilege service account would limit
        the damage if these credentials leak. Confirm against the directory's ACLs.
    -->
    <xsl:variable name="bindDN" select="'uid=admin,ou=system'"/>
    <!--
        NOTE(review): the bind password is stored in clear text in the stylesheet. Anyone who can read
        this file, a configuration export or a backup obtains the directory credentials. Keep the
        secret in an appliance-managed credential store if the firmware offers one, restrict read
        access to this file, and rotate the password if the stylesheet has been shared.
    -->
    <xsl:variable name="bindPW" select="'mysecret'"/>
    
    <!--
        Role templates are loaded once from the appliance's local: store. Each rbm-template is selected
        by its name and privileged attributes and contributes access-policy strings (see
        create-access-profiles). Write access to this file is therefore equivalent to the ability to
        change what every mapped user is authorised to do.
    -->
    <xsl:variable name="rbmfile" select="'local:///rbmTemplates.xml'" />
    <xsl:variable name="rbm-templates" select="document($rbmfile)"/>
    
    <!-- Search base, the attribute to return, and the group filter; USER_DN is a placeholder that the
         root template replaces with the authenticated user's DN. -->
    <xsl:variable name="targetDN" select="'ou=domains,dc=ibm,dc=com'"/>
    <xsl:variable name="attributeName" select="'cn'"/>
    <xsl:variable name="filterTemplate" select="'(&amp;(objectClass=groupOfNames)(member=USER_DN))'"/>
    <!--
        NOTE(review): the SSL proxy profile argument is empty, which presumably means the bind and the
        search run over an unencrypted connection, exposing the bind password and the group data on
        the wire. Confirm, and name a profile that validates the LDAP server certificate.
    -->
    <xsl:variable name="sslProxyProfile" select="''"/>
    <xsl:variable name="ldapLBGroup" select="''"/>
    <xsl:variable name="ldapVersion" select="'v3'"/>
    
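    <!--
        Root template: maps the authenticated user's DN to DataPower access policies.

        Reads the DN from credentials/entry, searches below $targetDN (subtree scope) for
        groupOfNames entries that list the DN as a member, and calls create-access-profiles once
        per result. The domain is taken from the ou component that follows the leading cn in the
        group's DN; the role is the group's cn attribute value.

        Changes compared with a plain textual substitution of the DN into the filter:
          * The DN is escaped as an RFC 4515 assertion value before it is placed in the filter, so
            a backslash, asterisk or parenthesis in the DN is matched literally and cannot alter
            the filter's structure. How much of the DN an end user can influence depends on the
            authentication step that produced it, so it is treated as untrusted here.
          * The placeholder is replaced with plain string functions rather than regexp:replace, so
            characters in the DN are never interpreted as replacement syntax.
          * No search is issued when no DN was supplied; the template then emits nothing, which
            grants no access.
    -->
    <xsl:template match="/">
        <xsl:variable name="authenticatedUserDN" select="string(credentials/entry)"/>

        <xsl:if test="string-length($authenticatedUserDN) &gt; 0">
            <xsl:variable name="escapedUserDN">
                <xsl:call-template name="escape-ldap-filter-value">
                    <xsl:with-param name="value" select="$authenticatedUserDN"/>
                </xsl:call-template>
            </xsl:variable>
            <xsl:variable name="filter">
                <xsl:call-template name="replace-literal">
                    <xsl:with-param name="text" select="$filterTemplate"/>
                    <xsl:with-param name="search" select="'USER_DN'"/>
                    <xsl:with-param name="replacement" select="string($escapedUserDN)"/>
                </xsl:call-template>
            </xsl:variable>
            <xsl:variable name="search-results" select="dp:ldap-search(
                $ldapServerIP, $ldapServerPort,
                $bindDN, $bindPW,
                $targetDN,
                $attributeName,
                string($filter),
                'sub',
                $sslProxyProfile,
                $ldapLBGroup,
                $ldapVersion)"/>

            <xsl:for-each select="$search-results/LDAP-search-results/result">
                <xsl:call-template name="create-access-profiles">
                    <!-- regexp:match returns the whole match first; [2] is the captured ou value. -->
                    <xsl:with-param name="domain" select="regexp:match(DN,'^cn=[^,]+,ou=([^,]+)')[2]"/>
                    <xsl:with-param name="role" select="attribute-value[@name='cn']"/>
                </xsl:call-template>
            </xsl:for-each>
        </xsl:if>

    </xsl:template>

    <!--
        Helper: escapes one LDAP search-filter assertion value (RFC 4515), one character at a time.
        Backslash, asterisk and both parentheses are written as a backslash followed by their
        two-digit hex code; every other character is copied unchanged. NUL needs no handling
        because it cannot occur in an XML 1.0 document.
    -->
    <xsl:template name="escape-ldap-filter-value">
        <xsl:param name="value"/>
        <xsl:if test="string-length($value) &gt; 0">
            <xsl:variable name="ch" select="substring($value, 1, 1)"/>
            <xsl:choose>
                <xsl:when test="$ch = '\'">\5c</xsl:when>
                <xsl:when test="$ch = '*'">\2a</xsl:when>
                <xsl:when test="$ch = '('">\28</xsl:when>
                <xsl:when test="$ch = ')'">\29</xsl:when>
                <xsl:otherwise><xsl:value-of select="$ch"/></xsl:otherwise>
            </xsl:choose>
            <xsl:call-template name="escape-ldap-filter-value">
                <xsl:with-param name="value" select="substring($value, 2)"/>
            </xsl:call-template>
        </xsl:if>
    </xsl:template>

    <!--
        Helper: replaces every occurrence of the literal string $search in $text with $replacement.
        The inserted replacement is never rescanned, so a replacement that itself contains $search
        is not expanded again.
    -->
    <xsl:template name="replace-literal">
        <xsl:param name="text"/>
        <xsl:param name="search"/>
        <xsl:param name="replacement"/>
        <xsl:choose>
            <xsl:when test="string-length($search) &gt; 0 and contains($text, $search)">
                <xsl:value-of select="substring-before($text, $search)"/>
                <xsl:value-of select="$replacement"/>
                <xsl:call-template name="replace-literal">
                    <xsl:with-param name="text" select="substring-after($text, $search)"/>
                    <xsl:with-param name="search" select="$search"/>
                    <xsl:with-param name="replacement" select="$replacement"/>
                </xsl:call-template>
            </xsl:when>
            <xsl:otherwise>
                <xsl:value-of select="$text"/>
            </xsl:otherwise>
        </xsl:choose>
    </xsl:template>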
    
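    <!--
        create-access-profiles: emits the access policies for one group membership.

        Parameters:
          domain  domain name extracted from the group's DN by the caller
          role    the group's cn value(s); matched against rbm-template/@name

        Every access-policy under a template whose name equals the role and whose privileged
        attribute matches is written to the output with DOMAIN_ID replaced by the domain.
        privileged is 'true' only for the domain named 'default'. Each policy is also written to
        the log through xsl:message.

        The domain value comes from directory data and is spliced into an authorisation string, so
        it is checked first: an empty value (the caller's pattern did not match the DN) or a value
        with characters outside letters, digits, '_', '-' and '.' produces no policy at all.
        NOTE(review): that character set is an assumption about valid domain names; confirm it
        against the naming rules of the target appliance before tightening or loosening it.

        NOTE(review): the separator literal in the concat call contains a raw line break. XML
        attribute-value normalisation turns a raw line break inside an attribute into a single
        space when the stylesheet is parsed, so the policies are separated by a space. Use the
        character reference for line feed instead if a real newline is required.
    -->
    <xsl:template name="create-access-profiles">
        <xsl:param name="domain"/>
        <xsl:param name="role"/>

        <xsl:variable name="domainName" select="string($domain)"/>
        <xsl:variable name="allowedDomainChars"
            select="'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-'"/>

        <xsl:choose>
            <!-- translate() deletes every allowed character; anything left over is unexpected. -->
            <xsl:when test="string-length($domainName) &gt; 0 and translate($domainName, $allowedDomainChars, '') = ''">
                <xsl:variable name="priv">
                    <xsl:choose>
                        <xsl:when test="$domainName = 'default'">true</xsl:when>
                        <xsl:otherwise>false</xsl:otherwise>
                    </xsl:choose>
                </xsl:variable>

                <xsl:for-each select="$rbm-templates/rbm-templates/rbm-template[(@name=$role) and (@privileged=$priv)]/access-policy">
                    <!-- Build the policy once so the logged text and the emitted text cannot diverge. -->
                    <xsl:variable name="policy" select="concat(regexp:replace(.,'DOMAIN_ID','g',$domainName),'
')"/>
                    <xsl:message><xsl:value-of select="$policy"/></xsl:message>
                    <xsl:value-of select="$policy"/>
                </xsl:for-each>
            </xsl:when>
            <xsl:otherwise>
                <!-- Fail closed, and leave a trace so an unexpected directory entry can be investigated. -->
                <xsl:message>RBM mapping: skipped a group entry whose domain value is empty or contains unexpected characters</xsl:message>
            </xsl:otherwise>
        </xsl:choose>
    </xsl:template>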
    
</xsl:stylesheet>