LDAP Data Sources
    • 24 Apr 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF

    LDAP Data Sources

    • Dark
      Light
    • PDF

    Article summary

    LDAP Data Sources use an LDAP adapter and an LDAP translator, to expose an LDAP directory tree relationally.

    Creating a Data Source

    To create a Data Source based on LDAP repository:

    1. In the Tenant Settings screen, select the PIP Settings tab.
    2. From the Policy Authorization Agent drop-down list, select the PAA in which you wish to create the new Data Source.
    3. Click New Data Source.
    4. In the Name field, enter the name of the new Data Source.

    Note: The Data Source name must be unique.

    1. Under Connection Adapter, choose the LDAP option.

      LDAP Connection

    2. Fill in the Connection Settings details, including:

      • In the LDAP Url field, fill in the LDAP URL.
      • Fill in the LDAP Admin User DN, the Base DN for LDAP Searches.
      • Add the LDAP password in the LDAP Admin User Password field.
    3. Click Test Connection.

      Under the Models section:

      • In the Name field, enter a virtual schema name.

    Note: The Model name must be unique.

    • Under DDL field write a valid DDL to fetch LDAP Attributes, according to this pattern:

      CREATE FOREIGN TABLE <table name> (
          <attr1> string options(nameinsource '<attr name in ldap>'),
          <attr2> string options(nameinsource '<attr name in ldap>'),
          … 
      ) OPTIONS(nameinsource '<Base DN>?<Search-Scope>?<Object-Class>?updatable false');
      
      

      Example: This DDL example fetches all users from the node cn=pidAdmin,ou=users,dc=example,dc=com in the LDAP tree and down the tree with nested searches.

      CREATE FOREIGN TABLE LDAP_TEST (
          Name string options(nameinsource 'sAMAccountname'),
          Company string options(nameinsource 'company'),
          CommonName string options(nameinsource 'cn')
      ) OPTIONS(nameinsource 'cn=pidAdmin,ou=users,dc=example,dc=com?User?SUBTREE_SCOPE?updatable false');
      
      

      Note: search-scope can have these values: SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE (this is the default, if not you do not set any other options as part of the DDL)

    For more advanced settings and options you can reach our support with specific requirements and use cases.

    1. You can add Translator Properties under the translator section.

    Note: Usually, you do not need to set translator properties, you can find a list of possible properties for advanced use in the Get List of Translators.

    1. Click Create to save your configuration settings and create the Data Source object in the Platform.

    LDAP Connector Limitations

    Due to limitations in LDAP, the following capabilities are not supported in the LDAP Connector.

    1. Aggregates
    2. Aliased Groups
    3. BETWEEN Criteria
    4. Case Expressions
    5. Correlated Subqueries
    6. EXISTS Criteria
    7. Functions
    8. Inline views
    9. IS NULL criteria
    10. Joins
    11. NOT criteria
    12. ORDER BY
    13. Quantified compare criteria
    14. Row Offset
    15. Searched Case Expressions
    16. Select Distinct
    17. Select Literals
    18. UNION
    19. XA Transactions

    Was this article helpful?