/elasticsearch-river-ldap

LDAP river for elasticsearch

Primary LanguageJava

LDAP River Plugin for Elasticsearch

This plugin provides a new River type that can be used to retrieve data from LDAP servers for indexing into Elasticsearch.

Versions

LDAP River Plugin ElasticSearch
master (0.0.2) 0.90.2
0.0.1 master (0.19.8)

Installation

Type the command in your favorite shell :

$ bin\plugin -install tlrx/elasticsearch-river-ldap/0.0.2

Elasticsearch automatically install the plugin:

-> Installing tlrx/elasticsearch-river-ldap/0.0.2...
Trying https://github.com/downloads/tlrxelasticsearch-river-ldap/elasticsearch-river-ldap-0.0.2.zip...
Downloading ..........DONE
Installed elasticsearch-river-ldap

Configuration

To create a new LDAP river:

curl -XPUT 'localhost:9200/_river/my_ldap_river/_meta' -d '{
	    "type" : "ldap",
	    "ldap" : {
	        "host" : "ldap.example.com",
	        "port" : "389",
	        "ssl"  : false,
	        "userDn" : "tanguy",
	        "credentials" : "secret",
	        "baseDn" : "ou=users,ou=system",
	        "filter" : "(objectClass=person)",
	        "scope" : "subtree",
	        "attributes" : [
			"sn", 
			"cn", 
			"memberOf"
		],
	        "fields" : [
			"_id", 
			"name", 
			"groups"
		],
	        "poll" : 60000,
	    },
	    "index" : {
		"index" : "server0",
		"type"	: "person"
	    }
	}'

attributes and fields options are both array of strings. While the first is used to retrieve object attributes from the LDAP, the second will be used to rename the attributes and index them under a given field name.

In this example, the documents will be indexed as “person” document in the index “server0”:

  • the value of the LDAP attribute “sn” will be indexed as the document’s id
  • the value of the LDAP attribute “cn” will be indexed in a field called “name”
  • the values of the LDAP attribute “memberOf” will be indexed in a field called “groups”

The following options can be configured:

Option Value type
host string Host address of the LDAP server
port number Port number used to connect to the LDAP server (default: 389)
ssl boolean Set it to true if SSL and LDAPS must be used to connect to the LDAP server
userDn string User Distingushed Name (DN) used to authenticate against the LDAP server. If empty or null, no authentication will be performed.
credentials string User password used to authenticate against the LDAP server.
baseDn string Base DN used to search for objects
filter string LDAP search filter used to search objects
scope string Scope of the search filter, can be onelevel, object or subtree (default)
attributes array of string LDAP attributes names to retrieve
fields array of string Field names of the previous LDAP attributes. This array must have the same size as attributes array. _id field can be used to configure the document’s id.
index string Index name where the documents will be indexed
type string Type name of the documents

Thanks to Jörg Prante for the boilerplate code that comes from the nice JDBC River Plugin :o)