Integrating Active Directory with WSO2 Enterprise Integrator

Krishni Andradi
WSO2 Solution Architecture Team Blog
Oct 11, 2019

The following are the key terms used in this article. If you are already familiar with them, you can skip the definitions section and proceed to the use case section.

Definitions

WSO2 Enterprise Integrator

WSO2 Enterprise Integrator is a comprehensive integration solution that enables the communication between various disparate applications. Instead of having your applications communicate with each other in all their different formats, they simply have to communicate with WSO2 EI.

Active Directory (AD)

Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.

Lightweight directory access protocol (LDAP)

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

Lightweight Directory Access Protocol is the protocol that Exchange Server uses to communicate with Active Directory.

Apache Directory Studio

Apache Directory Studio is a complete directory tooling platform intended to be used with any LDAP server; however, it is particularly designed for use with ApacheDS.

Apache Directory is an open-source project of the Apache Software Foundation.

WSO2 connector store

The WSO2 connector store provides 200+ connectors for connecting to popular business-critical services. You can use them to connect, secure and monitor your enterprise applications.

WSO2 Integration Studio

WSO2 Integration Studio is a drag-and-drop tooling environment designed for WSO2 Enterprise Integrator. Developers can design workflows and develop, debug, test and deploy artifacts easily using this toolkit. It is available as an Eclipse-based plugin as well as a Visual Studio Code-based plugin.

Use case

WSO2 Enterprise Integrator can be connected/integrated with many enterprise applications to build a connected experience. While developing such an integration, we came across a scenario where an Active Directory account needs to be created whenever a new user account is created in ServiceNow.

In my previous article, I demonstrated how to get a ServiceNow trigger upon a user account creation event. What we need to implement now is an ESB service that creates an AD account when the ESB flow is invoked.

To do that we need an Active Directory server. So in this article, I’m using Apache Directory Studio to create an Active Directory Server.

And I am going to use the LDAP connector which exists in the WSO2 connector store to develop my integration flow.

The steps you need to follow are:

  1. Set up Apache Directory Studio and create an Active Directory server
  2. Download the LDAP connector and import it to your Integration studio tooling.
  3. Enable LDAP connector in the EI server.
  4. Design the flow in ESB
  5. Deploy it and test it

Implementation

Step 1: Setting up Active Directory Server using Apache Directory Studio

First, download and install Apache Directory Studio.

  1. Go to Window > Show view > LDAP Servers to open the LDAP Servers tab. Right-click on empty space, go to New > New Server, select Apache DS 2.0.0 and click Finish. The LDAP server is now created.
  2. Now right-click on the LDAP server and click on Run to run the server.
  3. Now again right-click on that server and click on Create a connection to create a connection. Open Window > Show view > Connections to open connections tab.
  4. Double click on the connection on the connection tab to establish the connection.
  5. Go to Window > Show view > LDAP Browser to open the browser window of the LDAP connection.
  6. Open directory hierarchy in the LDAP Browser to view the tree structure of the created active directory.
  7. In the tree view under ou=system, there is an entry called uid=admin. Click on that entry to view admin user details. You can also view and edit the password, by double-clicking on user password value in that property view.

Click on the checkbox Show current password details to view the admin password (it will be visible in the current password field), and go to the New password tab to change the password.

Step 2: Import the LDAP connector to Integration Studio tooling.

Visit the WSO2 connector store and download the LDAP connector. You can also view connector-specific documentation by visiting the Documentation link. The Older versions section lists the versions of the connector along with the compatible ESB and EI versions.

Now go to your WSO2 Integration Studio, the tooling kit of WSO2 Enterprise Integrator, and create an ESB solution project using that. Then right-click on that project and click on “Add or Remove Connector” to add the connector. Now browse to the previously downloaded zip archive to import the connector.

Once you import the connector, the connector operations should be available in your tool palette. To view this palette, open a REST API in the design view.

Step 3: Enable LDAP connector in the EI server.

Go to the management console. The management console URL will be displayed in the terminal when you run the Enterprise Integrator server.

Add the downloaded LDAP connector to Enterprise Integrator by importing it from the management console. To do that, go to the management console, follow Main > Connectors > Add and upload the connector.

Then enable the connector.

Step 4: Design ESB flow.

Create an ESB solution project and add a REST API to that project. Import the LDAP connector to that project as explained above. Open the REST API in the design view. Drag and drop an init operation and an add operation into the inflow design area. The init operation is used to initialize the connection to Active Directory, and the add operation is used to add entries.

Click on each operation and edit its properties in the property tab accordingly. In init, you need to specify the admin account credentials to initialize the connection, and in add, you need to specify the details of the entry to be added.

This REST API should have an HTTP POST resource that gets the details from the POST body and sends that information in the add operation.

Step 5: Deploy and Test

First set up a remote server connection inside Integration Studio.

Go to Window > Show view > Servers to open the Servers tab. Right-click on that tab and click on New > Server. Click on the WSO2 Remote server under the WSO2 section, and provide the WSO2 Enterprise Integrator server details. You are now remotely connected to the WSO2 Enterprise Integrator server, and you can easily deploy ESB projects by right-clicking on the server and going to Add and Remove.

Now deploy the ESB solution project created above in this way. You can then test your application by invoking the ESB solution endpoint as you normally do.

Let's assume the above REST API's context is /ldap, your EI is running on localhost:9443, and it accepts an HTTP POST body in the format below.

{"firstName":"abc", "lastName":"efg"}

Now you can send such an object to the endpoint below:

http://localhost:9443/ldap
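
Because the add operation creates a directory entry from whatever arrives in the POST body, firstName and lastName should be validated and escaped before they become part of a DN. The following is an added example, not code from the original article or from the LDAP connector; the base DN ou=users,ou=system, the cn/sn/givenName mapping and the 64-character limit are assumptions.

```javascript
// Added example: validate the POST body, then build an RFC 4514-safe DN.
// BASE_DN, MAX_LEN and the attribute mapping are assumptions, not from the article.
const BASE_DN = "ou=users,ou=system";
const MAX_LEN = 64;

// Escape one attribute value for use inside a DN (RFC 4514, section 2.4).
function escapeDnValue(value) {
  let out = value
    .replace(/[\\",+;<>]/g, (c) => "\\" + c) // characters that are special in a DN
    .replace(/\u0000/g, "\\00");             // NUL is written as a hex pair
  if (out.startsWith(" ") || out.startsWith("#")) out = "\\" + out;
  if (value.length > 1 && value.endsWith(" ")) out = out.slice(0, -1) + "\\ ";
  return out;
}

// Reject anything that is not a short, printable, non-empty string.
function checkName(field, value) {
  if (typeof value !== "string") throw new TypeError(field + " must be a string");
  const v = value.trim();
  if (v.length === 0 || v.length > MAX_LEN) throw new RangeError(field + ": bad length");
  if (/[\u0000-\u001f\u007f]/.test(v)) throw new RangeError(field + ": control character");
  return v;
}

// Turn {"firstName": ..., "lastName": ...} into the DN and attributes of the new entry.
function buildUserEntry(body) {
  if (body === null || typeof body !== "object") throw new TypeError("body must be an object");
  const first = checkName("firstName", body.firstName);
  const last = checkName("lastName", body.lastName);
  const cn = first + " " + last;
  return {
    dn: "cn=" + escapeDnValue(cn) + "," + BASE_DN, // only the DN needs DN escaping
    attributes: { cn: cn, sn: last, givenName: first },
  };
}

// Constructed sample input: the second body tries to add DN components via lastName.
console.log(buildUserEntry({ firstName: "abc", lastName: "efg" }).dn);
console.log(buildUserEntry({ firstName: "abc", lastName: "efg,ou=system" }).dn);
```

With the escaping in place, the comma in the second body stays inside the cn value instead of starting a new RDN, so the entry still lands under the intended base DN.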

Summary

In this tutorial, I demonstrated how to do an LDAP add entry operation using WSO2 Enterprise Integrator and EI studio. As I have shown, there are more operations in the same LDAP connector, which can be used after the init operation.

Also, you can use this to connect to any Active Directory by changing the properties. You can also edit these APIs in the source view if you are more familiar with XML configurations.

Thank You
