LDAP River Plugin for Elasticsearch
This plugin provides a new River type that can be used to retrieve data from LDAP servers for indexing into Elasticsearch.
Versions
LDAP River Plugin | ElasticSearch |
---|---|
master (0.0.2) | 0.90.2 |
0.0.1 | master (0.19.8) |
Installation
Type the command in your favorite shell :
$ bin\plugin -install tlrx/elasticsearch-river-ldap/0.0.2
Elasticsearch automatically install the plugin:
-> Installing tlrx/elasticsearch-river-ldap/0.0.2... Trying https://github.com/downloads/tlrxelasticsearch-river-ldap/elasticsearch-river-ldap-0.0.2.zip... Downloading ..........DONE Installed elasticsearch-river-ldap
Configuration
To create a new LDAP river:
curl -XPUT 'localhost:9200/_river/my_ldap_river/_meta' -d '{ "type" : "ldap", "ldap" : { "host" : "ldap.example.com", "port" : "389", "ssl" : false, "userDn" : "tanguy", "credentials" : "secret", "baseDn" : "ou=users,ou=system", "filter" : "(objectClass=person)", "scope" : "subtree", "attributes" : [ "sn", "cn", "memberOf" ], "fields" : [ "_id", "name", "groups" ], "poll" : 60000, }, "index" : { "index" : "server0", "type" : "person" } }'
attributes and fields options are both array of strings. While the first is used to retrieve object attributes from the LDAP, the second will be used to rename the attributes and index them under a given field name.
In this example, the documents will be indexed as “person” document in the index “server0”:
- the value of the LDAP attribute “sn” will be indexed as the document’s id
- the value of the LDAP attribute “cn” will be indexed in a field called “name”
- the values of the LDAP attribute “memberOf” will be indexed in a field called “groups”
The following options can be configured:
Option | Value type | |
---|---|---|
host | string | Host address of the LDAP server |
port | number | Port number used to connect to the LDAP server (default: 389) |
ssl | boolean | Set it to true if SSL and LDAPS must be used to connect to the LDAP server |
userDn | string | User Distingushed Name (DN) used to authenticate against the LDAP server. If empty or null, no authentication will be performed. |
credentials | string | User password used to authenticate against the LDAP server. |
baseDn | string | Base DN used to search for objects |
filter | string | LDAP search filter used to search objects |
scope | string | Scope of the search filter, can be onelevel, object or subtree (default) |
attributes | array of string | LDAP attributes names to retrieve |
fields | array of string | Field names of the previous LDAP attributes. This array must have the same size as attributes array. _id field can be used to configure the document’s id. |
index | string | Index name where the documents will be indexed |
type | string | Type name of the documents |
Thanks to Jörg Prante for the boilerplate code that comes from the nice JDBC River Plugin :o)