I’ve just completed work on a set of modifications to the LDAP Provider in Sakai, which should be of interest to anyone that has an LDAP integration, as it adds some nifty features:
1. Use a preferred name if it exists:
This adds an additional field to the jldap-beans.xml config file called preferredFirstName, which if set, will map the value of that field onto the firstName field preferentially. So if you have a preferredName field in your LDAP directory, that value can pass through into Sakai.
2. Searching an LDAP server given some criteria:
This leverages a new kernel interface called ExternalUserSearchUDP added as part of SAK-6792 which allows searching of an external directory, for matches in either username, email, first name or last name.
JLDAP provider now implements this interface and will search the directory for users that match the criteria. This is exposed in the UserDirectoryService as searchExternalUsers(String criteria, int first, int last).
3. Finding users who share an email address:
This leverages a new kernel interface called UsersShareEmailUDP which allows searching of an external directory for multiple users who share the same email address. The UserDirectoryService already takes advantage of this via the findUsersByEmail(String email) method, however the provider was only returning one entry. With this extension, the provider can now return the full set of matches.
4. Adding a jpegPhoto property to a User’s properties:
This adds an additional field to the jldap-beans.xml config file called jpegPhoto, which if set, will map the value of that field to a corresponding property in the User object, containing a BASE-64 encoded JPEG image. Some directory providers add official images to this field for their users, so this will allow a central store of these images.
This will then feed into Profile2, so these official images can be used preferentially.