LDAP Data Sources
    • 24 Apr 2024

    LDAP Data Sources use an LDAP adapter and an LDAP translator to expose an LDAP directory tree relationally.

    Creating a Data Source

    To create a Data Source based on an LDAP repository:

    1. In the Tenant Settings screen, select the PIP Settings tab.
    2. From the Policy Authorization Agent drop-down list, select the PAA in which you wish to create the new Data Source.
    3. Click New Data Source.
    4. In the Name field, enter the name of the new Data Source.

    Note: The Data Source name must be unique.

    5. Under Connection Adapter, choose the LDAP option.

    6. Fill in the Connection Settings details, including:

      • In the LDAP Url field, fill in the LDAP URL.
      • Fill in the LDAP Admin User DN, the Base DN for LDAP Searches.
      • Add the LDAP password in the LDAP Admin User Password field.
    7. Click Test Connection.

      Under the Models section:

      • In the Name field, enter a virtual schema name.

    Note: The Model name must be unique.

    • In the DDL field, write a valid DDL to fetch LDAP attributes, according to this pattern:

      CREATE FOREIGN TABLE <table name> (
          <attr1> string options(nameinsource '<attr name in ldap>'),
          <attr2> string options(nameinsource '<attr name in ldap>'),
          … 
      ) OPTIONS(nameinsource '<Base DN>?<Search-Scope>?<Object-Class>?updatable false');
      
      

      Example: This DDL fetches all users from the node cn=pidAdmin,ou=users,dc=example,dc=com in the LDAP tree and from the nodes below it, using nested searches.

      CREATE FOREIGN TABLE LDAP_TEST (
          Name string options(nameinsource 'sAMAccountname'),
          Company string options(nameinsource 'company'),
          CommonName string options(nameinsource 'cn')
      ) OPTIONS(nameinsource 'cn=pidAdmin,ou=users,dc=example,dc=com?User?SUBTREE_SCOPE?updatable false');
      
      

      Note: search-scope can have these values: SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE (this is the default if you do not set any other option as part of the DDL).

    For more advanced settings and options, contact our support with your specific requirements and use cases.

    8. You can add Translator Properties under the translator section.

    Note: Usually, you do not need to set translator properties. For advanced use, you can find a list of possible properties in the Get List of Translators.

    9. Click Create to save your configuration settings and create the Data Source object in the Platform.
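
    To check what a DDL will expose before creating the Data Source, the helper below (an added example, not part of the product) parses the table-level nameinsource option and builds the equivalent ldapsearch command. It assumes the object class maps to an objectClass equality filter, and it recognises the search scope by value because the pattern and the example above place it in different positions; the URL and bind DN are constructed placeholders.

```python
import re
import shlex

# Scope names from the page's DDL note -> values for ldapsearch's -s flag
SCOPES = {"OBJECT_SCOPE": "base", "ONELEVEL_SCOPE": "one", "SUBTREE_SCOPE": "sub"}
COLUMN_RE = re.compile(r"(\w+)\s+\w+\s+options\s*\(\s*nameinsource\s+'([^']*)'\s*\)", re.I)
TABLE_RE = re.compile(r"\)\s*OPTIONS\s*\(\s*nameinsource\s+'([^']*)'\s*\)\s*;?\s*$", re.I)

# The DDL example from this page
PAGE_EXAMPLE = """CREATE FOREIGN TABLE LDAP_TEST (
    Name string options(nameinsource 'sAMAccountname'),
    Company string options(nameinsource 'company'),
    CommonName string options(nameinsource 'cn')
) OPTIONS(nameinsource 'cn=pidAdmin,ou=users,dc=example,dc=com?User?SUBTREE_SCOPE?updatable false');"""

def escape_filter(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def parse_ddl(ddl):
    """Return (base_dn, scope, object_class, ldap_attrs) for a DDL in the page's pattern."""
    ddl = ddl.strip()
    table = TABLE_RE.search(ddl)
    if not table:
        raise ValueError("no table-level nameinsource option found")
    base_dn, *rest = [p.strip() for p in table.group(1).split("?")]
    scope, object_class = "ONELEVEL_SCOPE", None  # default scope per the page's note
    for part in rest:
        if part.upper() in SCOPES:  # recognised by value, not by position
            scope = part.upper()
        elif part and not part.lower().startswith("updatable"):
            object_class = part
    attrs = [m.group(2) for m in COLUMN_RE.finditer(ddl[:table.start()])]
    if not base_dn or not attrs:
        raise ValueError("DDL needs a Base DN and at least one mapped attribute")
    return base_dn, scope, object_class, attrs

def ldapsearch_argv(ddl, url, bind_dn):
    """Build an ldapsearch call that reads the same entries and attributes."""
    base_dn, scope, object_class, attrs = parse_ddl(ddl)
    flt = f"(objectClass={escape_filter(object_class)})" if object_class else "(objectClass=*)"
    # -W prompts for the bind password so it never lands in shell history or ps output
    return ["ldapsearch", "-x", "-LLL", "-H", url, "-D", bind_dn, "-W",
            "-b", base_dn, "-s", SCOPES[scope], flt, *attrs]

if __name__ == "__main__":
    # Constructed URL and bind DN; substitute the values from Connection Settings
    print(shlex.join(ldapsearch_argv(PAGE_EXAMPLE, "ldaps://ldap.example.com:636",
                                     "cn=svc-readonly,dc=example,dc=com")))
```

    Run the printed command with a read-only bind account and compare the returned entries with what the Data Source is meant to expose; a SUBTREE_SCOPE table returns every matching entry beneath the Base DN.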

    LDAP Connector Limitations

    Due to limitations in LDAP, the following capabilities are not supported in the LDAP Connector.

    1. Aggregates
    2. Aliased Groups
    3. BETWEEN Criteria
    4. Case Expressions
    5. Correlated Subqueries
    6. EXISTS Criteria
    7. Functions
    8. Inline views
    9. IS NULL criteria
    10. Joins
    11. NOT criteria
    12. ORDER BY
    13. Quantified compare criteria
    14. Row Offset
    15. Searched Case Expressions
    16. Select Distinct
    17. Select Literals
    18. UNION
    19. XA Transactions
