DAL

DAL:

The Directory Abstraction Layer (DAL) provides the ability to execute Ad-Hoc LDAP queries via REST calls to be used in forms. The Karma server translates the REST calls to LDAP queries.

Example DAL query (config/local.yaml):

# ...
dal:
  'users_by_cn_or_name':
    type: 'ldap:list'
    authz: 'user'
    options:
      base: '<%= users.base %>'
      scope: '<%= users.scope %>'
      filter: '<%= users.filter %>'
      # which attributes to return
      attributes:
        entryDN
      sortBy: '<%= users.sort %>'
      # query allows you to to map client input variables to LDAP attributes (format: `clientInputVariableName:ldapAttributeName`)
      # which are added to the LDAP filter to further filter the result.
      # The client input variable can be suffixed with `!` to assure that a value is given, otherwise an empty result will be returned.
      query:
        'cn!': 'cn'
      # `qAttributes` option allows to define which attributes are searched from `k5-select` typeahead query
      qAttributes: givenName sn cn

DAL type: rest

since v2.11.0

DAL type to load data from an REST endpoint

Example configuration:

dal:
  'servers':
    type: 'rest'
    # possible options can be found here: https://www.npmjs.com/package/axios#request-config
    options:
      url: 'https://my.rest.api/servers'
      method: 'GET'
      headers:
        Authorization: 'Basic XXX'
      # if params is set, it overrides all received params
      params:
        os: 'linux'
      # query can be used to map received query parameters to a different name
      # in the following example, `$q` is received (e.g. by a k5-select field) and forwarded to the REST enpoint as `search`
      query:
        $q: search

This can be used to query the Karma REST API: since v2.21.0

'accounts-search':
  type: 'rest'
  options:
    url: http://localhost:9999/accounts?fields=$id,$name,$description
    query:
      $q: q
      $take!: take
      $skip!: skip
    forwardHeaders: Authorization
    response: data.collection

DAL type: ldap-list

since v2.11.6

  • new $filter option (boolean) to allow an additional ldap filter provided by the client

    DAL config:

    dal:
  with-custom-ldap-filter:
    type: 'ldap:list'
    options:
      $filter: true
      # and any other options

    Fields config:

    {
  "templateOptions": {
    "dal": {
      "key": "with-custom-ldap-filter",
      "queryOptions": {
        "$filter": "(cn=must match)"
      }
    }
  }
}

since v2.8.18

  • new qAttributes option to allow to define which attributes are searched from k5-select typeahead query
  • new take option to allow to define how many results should be returned by default (may be overriden in fields dal option $take)
  • new loadDefaultProperties option which allows to enrich each entry with some standard properties like $id, $name, $typeand $partition
  • new useServerSideSort option to make the ldap server sort the result set; when enabled the used sortBy attribute must have a value index
dal:
  roles:
    type: 'ldap:list'
    options:
      base: '<%= roles.base %>'
      scope: '<%= roles.scope %>'
      filter: '<%= roles.filter %>'
      $filter: false
      attributes:
        - entryDN
        - cn nrfLocalizedNames nrfLocalizedDescrs
        - nrfRoleCategoryKey nrfRoleLevel nrfStatus nrfActive
      sortBy: '<%= roles.sort %>'
      useServerSideSort: true
      qAttributes: cn nrfLocalizedNames nrfLocalizedDescrs
      take: 15
      loadDefaultProperties: true

DAL type: ldap:entry

# the type must be: 'ldap:entry'
type: 'ldap:entry'
# requireUnique tells Karma if ambigious results are allowed
# If requireUnique is true and multiple matching objects are found in LDAP, the DAL result will be empty.
# If requireUnique is false and multiple matching objects are found in LDAP, the DAL will return the first result.
# The default value is false
requireUnique: false

Additional examples for dal configuration

dal:
  'markets':
    type: 'ldap:list'
    # admin, user (default) or guest
    authz: 'user'
    options:
      base: 'cn=Market,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,<%= rbpm.driverRoot %>'
      scope: '<%= roles.scope %>'
      filter: '(objectClass=marketsAux)'
      # filterAttribute: 'entryDN'
      attributes: 'entryDN MarketName MarketNr nrfLocalizedNames nrfLocalizedDescrs l postalCode street'
      sortBy: 'MarketNr'

  'market-roles':
    type: 'ldap:list'
    # admin, user (default) or guest
    authz: 'user'
    options:
      base: 'cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,<%= rbpm.driverRoot %>'
      scope: '<%= roles.scope %>'
      filter: '(&(objectClass=nrfRole)(nrfRoleCategoryKey=portal))'
      # filterAttribute: 'entryDN'
      attributes: 'entryDN cn nrfLocalizedNames nrfLocalizedDescrs'
      sortBy: '<%= roles.sort %>'

  'user-by-cn':
    type: 'ldap:entry'
    # admin, user (default) or guest
    authz: 'user'
    options:
      base: '<%= users.base %>'
      scope: 'sub'
      filter: '<%= users.filter %>'
      attributes: 'entryDN cn givenName sn'
      requireUnique: false
      query:
        queryCN: cn

  'systems':
    type: 'ldap:list'
    authz: 'user'
    options:
      base: 'cn=Systems,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,<%= rbpm.driverRoot %>'
      scope: '<%= roles.scope %>'
      filter: '(objectClass=Aux)'
      # filterAttribute: 'entryDN'
      attributes: 'entryDN AuxName AuxNr nrfLocalizedNames nrfLocalizedDescrs'
      sortBy: 'AuxNr'
NetIQ OSP OAuth2Custom Panels