With `apoc.load.ldap` you can execute queries against any LDAP v3 enabled directory; the results are turned into a stream of entries. The entries can then be used to update or create graph structures.
Note: this utility requires the jldap library to be placed in the plugin directory.
| Parameter | Property | Description |
|---|---|---|
| {connectionMap} | ldapHost | the ldapserver:port; if the port is omitted the default port 389 will be used |
| | loginDN | the dn of the ldap server user who has read access on the ldap server |
| | loginPW | the password used by the loginDN |
| {searchMap} | searchBase | the entry from which the search is executed |
| | searchScope | SCOPE_ONE (one level) or SCOPE_SUB (all sub levels) or SCOPE_BASE (only the base node) |
| | searchFilter | a standard ldap search filter, for example (objectClass=*), which means that the ldap entry must have an objectClass attribute |
| | attributes | optional. If omitted, all the attributes of the entries will be returned. When specified, only the specified attributes will be returned. Regardless of the attributes setting, a returned entry will always have a "dn" property. |
Retrieve group member information from the ldap server.
```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"},
{searchBase : "dc=example,dc=com",searchScope : "SCOPE_SUB"
,attributes : ["uniqueMember","cn","uid","objectClass"]
,searchFilter: "(&(objectClass=*)(uniqueMember=*))"}) yield entry
return entry.dn, entry.uniqueMember
```
| entry.dn | entry.uniqueMember |
|---|---|
| "ou=mathematicians,dc=example,dc=com" | (list of member dns) |
| "ou=italians,ou=scientists,dc=example,dc=com" | (list of member dns) |
Retrieve group member information from the ldap server and create structure in Neo4j.
```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"},
{searchBase : "dc=example,dc=com",searchScope : "SCOPE_SUB"
,attributes : ["uniqueMember","cn","uid","objectClass"]
,searchFilter: "(&(objectClass=*)(uniqueMember=*))"}) yield entry
merge (g:Group {dn : entry.dn})
on create set g.cn = entry.cn
foreach (member in entry.uniqueMember |
merge (p:Person { dn : member })
merge (p)-[:IS_MEMBER]->(g)
)
```
To protect credentials, you can configure aliases in conf/neo4j.conf:
neo4j.conf syntax:

```
apoc.loadldap.myldap.config=<host>:<port> <loginDN> <loginPW>
```

neo4j.conf:

```
apoc.loadldap.myldap.config=ldap.forumsys.com:389 cn=read-only-admin,dc=example,dc=com password
```

Then

```cypher
call apoc.load.ldap({ldapHost : "ldap.forumsys.com", loginDN : "cn=read-only-admin,dc=example,dc=com", loginPW : "password"}
, {searchBase : "dc=example,dc=com"
,searchScope : "SCOPE_SUB"
,attributes : ["cn","uid","objectClass"]
,searchFilter: "(&(objectClass=*))"
}) yield entry
return entry.dn, entry
```

becomes

```cypher
call apoc.load.ldap("myldap"
,{searchBase : "dc=example,dc=com"
,searchScope : "SCOPE_SUB"
,attributes : ["cn","uid","objectClass"]
,searchFilter: "(&(objectClass=*))"
}) yield entry
return entry.dn, entry
```
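As an added example (not APOC's own code), the following Python parser checks alias lines in neo4j.conf against the documented `<host>:<port> <loginDN> <loginPW>` layout, applying the default port 389 and rejecting a DN or password that contains whitespace, which this space-separated format cannot carry. The sample conf text and the `noport` alias are constructed; only the `myldap` line is the page's example.

```python
import re

# Default LDAP port applied when the alias line omits ":<port>".
DEFAULT_LDAP_PORT = 389

# Key pattern of the alias lines: apoc.loadldap.<alias>.config
ALIAS_KEY_RE = re.compile(r"^apoc\.loadldap\.(?P<alias>[^.\s]+)\.config$")


def parse_ldap_alias(line):
    """Parse one 'apoc.loadldap.<alias>.config=<host>[:<port>] <loginDN> <loginPW>'
    line and return (alias, connectionMap), using the same keys the procedure
    accepts directly (ldapHost, loginDN, loginPW)."""
    key, sep, value = line.strip().partition("=")
    if not sep:
        raise ValueError("not a key=value line: %r" % line)
    match = ALIAS_KEY_RE.match(key.strip())
    if not match:
        raise ValueError("not an apoc.loadldap.<alias>.config key: %r" % key)
    parts = value.split()
    # The layout is whitespace separated, so exactly three fields must remain;
    # a DN or password containing spaces cannot be expressed in an alias line.
    if len(parts) != 3:
        raise ValueError("expected '<host>[:<port>] <loginDN> <loginPW>', "
                         "got %d field(s)" % len(parts))
    host_port, login_dn, login_pw = parts
    host, _, port_text = host_port.partition(":")
    if not host:
        raise ValueError("missing ldap host")
    port = int(port_text) if port_text else DEFAULT_LDAP_PORT
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return match.group("alias"), {"ldapHost": "%s:%d" % (host, port),
                                  "loginDN": login_dn, "loginPW": login_pw}


def load_ldap_aliases(conf_text):
    """Collect every alias defined in neo4j.conf text, skipping blank lines,
    comments and unrelated settings."""
    aliases = {}
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if ALIAS_KEY_RE.match(stripped.partition("=")[0].strip()):
            alias, conn = parse_ldap_alias(stripped)
            aliases[alias] = conn
    return aliases


# Constructed sample neo4j.conf content; only the myldap line is from the page.
SAMPLE_CONF = """\
# constructed sample
apoc.loadldap.myldap.config=ldap.forumsys.com:389 cn=read-only-admin,dc=example,dc=com password
apoc.loadldap.noport.config=ldap.example.internal cn=reader,dc=example,dc=com s3cret
"""
```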