Project Description
I needed ADFS v2.0 to look up an attribute in an LDAP attribute store using anonymous access. I did not find a solution on the Internet, so I developed one.

All I had to do was join the sAMAccountName to the LDAP attribute uid and then read the value of myattribute.
I generalized it a little.

In ADFS, I added http://schemas.douminiqueph.fr/myattribute as a claim type, with "My Attribute" as its description.

ADFS v2 uses custom rules to look up attributes.
To join the sAMAccountName in AD to uid in the LDAP directory, I wrote a custom rule. The regexreplace strips the DOMAIN\ prefix from the Windows account name and passes the remaining user part as the query parameter:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(store = "LdapAnonymousStore", types = ("http://schemas.douminiqueph.fr/myattribute"), query = "uid={0};myattribute", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"));

I added a custom attribute store.

I gave it the name LdapAnonymousStore.
I had to give the class of this store. The DLL is named CustomLdapStore and the class is named CustomLdapStore.LdapAnonymousStore, so I entered
CustomLdapStore.LdapAnonymousStore, CustomLdapStore as the custom attribute class name.
I added two initialization parameters:
1) host: the DNS name of the LDAP server and the port, separated by a colon,
2) base: the base DN of the LDAP search.

The accepted query is composed of two parts separated by a semicolon:
an LDAP filter and the list of LDAP attributes to retrieve.
The attributes in that list must be separated by commas.

The response is a jagged array, with one column per attribute and one row per result.
So each request must return the same number of values for every attribute. If that is not possible, you will have to use several custom rules.

I added the possibility of using simple authentication, with or without SSL. Multi-valued attributes can be used, and LDAP version 3 is required; I think all LDAP servers support this version. I tested with an old version of Netscape Directory Server (4.16) and with Active Directory, with no problems.
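The following is an added example, not the project's own source, of what a custom attribute store with the contract described above looks like in C#. The store name, the host/base parameters, the "filter;attr1,attr2" query format and the LDAPv3/SSL/simple-bind options come from the description; the ssl, user and password parameter names, the CompletedResult helper and the handling of multi-valued attributes (all values of an attribute are stacked into one column, in entry order) are assumptions. Because the {0} placeholder in the filter is filled from a claim value, the example escapes that value per RFC 4515 before building the filter, so a crafted account name cannot change the meaning of the search.

```csharp
// Added example (not the project's code): minimal AD FS 2.0 custom attribute store.
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;
using System.Threading;
using Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore;

namespace CustomLdapStore
{
    public class LdapAnonymousStore : IAttributeStore
    {
        private string _host = "localhost";
        private int _port = 389;
        private string _baseDn;
        private bool _useSsl;                  // assumed parameter: ssl = "true"
        private NetworkCredential _credential; // assumed parameters: user / password

        // Called once by AD FS with the initialization parameters entered in the console.
        public void Initialize(Dictionary<string, string> config)
        {
            string hostPort, value, user, password;
            if (!config.TryGetValue("host", out hostPort) || !config.TryGetValue("base", out _baseDn))
                throw new ArgumentException("Initialization parameters 'host' and 'base' are required.");
            string[] hp = hostPort.Split(':');          // "ldap.example.org:389"
            _host = hp[0];
            if (hp.Length > 1) _port = int.Parse(hp[1]);
            _useSsl = config.TryGetValue("ssl", out value) && value == "true";
            if (config.TryGetValue("user", out user) && config.TryGetValue("password", out password))
                _credential = new NetworkCredential(user, password);   // simple bind instead of anonymous
        }

        public IAsyncResult BeginExecuteQuery(string query, string[] parameters, AsyncCallback callback, object state)
        {
            // Query shape from the rule: "<ldap filter with {0} placeholders>;<attr1>,<attr2>,..."
            if (string.IsNullOrEmpty(query) || query.IndexOf(';') < 0)
                throw new AttributeStoreQueryFormatException("Expected \"<filter>;<attr1>,<attr2>,...\".");
            string[] parts = query.Split(new[] { ';' }, 2);
            string[] attributes = parts[1].Split(',');
            for (int i = 0; i < attributes.Length; i++) attributes[i] = attributes[i].Trim();

            // The parameters are claim values (e.g. the account name), so escape them
            // before they are substituted into the filter.
            string[] escaped = new string[parameters == null ? 0 : parameters.Length];
            for (int i = 0; i < escaped.Length; i++) escaped[i] = EscapeFilterValue(parameters[i]);
            string filter = string.Format(parts[0], escaped);

            var result = new CompletedResult(Search(filter, attributes), state);
            if (callback != null) callback(result);
            return result;
        }

        public string[][] EndExecuteQuery(IAsyncResult result)
        {
            return ((CompletedResult)result).Rows;
        }

        private string[][] Search(string filter, string[] attributes)
        {
            using (var conn = new LdapConnection(new LdapDirectoryIdentifier(_host, _port)))
            {
                conn.SessionOptions.ProtocolVersion = 3;          // LDAPv3 is required
                conn.SessionOptions.SecureSocketLayer = _useSsl;
                if (_credential == null) conn.AuthType = AuthType.Anonymous;
                else { conn.AuthType = AuthType.Basic; conn.Credential = _credential; }
                conn.Bind();

                var response = (SearchResponse)conn.SendRequest(
                    new SearchRequest(_baseDn, filter, SearchScope.Subtree, attributes));

                // One column per requested attribute; every value of every matching entry goes in.
                var columns = new List<string>[attributes.Length];
                for (int c = 0; c < columns.Length; c++) columns[c] = new List<string>();
                foreach (SearchResultEntry entry in response.Entries)
                    for (int c = 0; c < attributes.Length; c++)
                        if (entry.Attributes.Contains(attributes[c]))
                            foreach (object v in entry.Attributes[attributes[c]].GetValues(typeof(string)))
                                columns[c].Add((string)v);

                // The jagged array needs one value per column on every row, so all
                // attributes must have produced the same number of values.
                int rowCount = columns[0].Count;
                for (int c = 1; c < columns.Length; c++)
                    if (columns[c].Count != rowCount)
                        throw new AttributeStoreQueryExecutionException(
                            "Attributes returned different value counts; split the query into several rules.");
                var rows = new string[rowCount][];
                for (int r = 0; r < rowCount; r++)
                {
                    rows[r] = new string[columns.Length];
                    for (int c = 0; c < columns.Length; c++) rows[r][c] = columns[c][r];
                }
                return rows;
            }
        }

        // RFC 4515: escape the characters that would otherwise alter the filter structure.
        private static string EscapeFilterValue(string value)
        {
            var sb = new StringBuilder();
            foreach (char ch in value)
                switch (ch)
                {
                    case '*': sb.Append("\\2a"); break;
                    case '(': sb.Append("\\28"); break;
                    case ')': sb.Append("\\29"); break;
                    case '\\': sb.Append("\\5c"); break;
                    case '\0': sb.Append("\\00"); break;
                    default: sb.Append(ch); break;
                }
            return sb.ToString();
        }

        // The search is done synchronously, so the IAsyncResult is already complete.
        private sealed class CompletedResult : IAsyncResult
        {
            public CompletedResult(string[][] rows, object state) { Rows = rows; AsyncState = state; }
            public string[][] Rows { get; private set; }
            public object AsyncState { get; private set; }
            public WaitHandle AsyncWaitHandle { get { return new ManualResetEvent(true); } }
            public bool CompletedSynchronously { get { return true; } }
            public bool IsCompleted { get { return true; } }
        }
    }
}
```

With the rule shown above, AD FS passes "uid={0};myattribute" as the query and the user part of the account name as the single parameter; the store searches under the configured base DN with the filter uid=<escaped user> and returns one row per value of myattribute, which AD FS issues as the http://schemas.douminiqueph.fr/myattribute claim.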

You will find two assemblies in the package that you can download: the DLL and an executable for testing. You also get documentation, in Word and PDF, and the sources.


Last edited Apr 28, 2012 at 3:53 PM by doumeguerin, version 6