LDAPReader reads information from an LDAP directory converting it to CloverETL Data Records.
Component | Data source | Input ports | Output ports | Each to all outputs | Different to different outputs | Transformation | Transf. req. | Java | CTL | Auto-propagated metadata |
---|---|---|---|---|---|---|---|---|---|---|
LDAPReader | LDAP directory tree | 1 | 1-n |
Port type | Number | Required | Description | Metadata |
---|---|---|---|---|
Input | 0 | | Input records used for defining base and filter. If the input port is connected, one query is assembled and sent to the LDAP server for each input record. If such a query returns no result, one empty record is sent out (with autofilling fields populated); this behavior applies only when the input port is connected. | Any |
Output | 0 | | For correct data records. Results of the search must have the same objectClass. | Any [1] |
 | 1-n | | For correct data records | Output 0 |
[1] Metadata on the output must precisely describe the structure of the read object. |
LDAPReader does not propagate metadata.
LDAPReader has no metadata template.
Metadata on the output must precisely describe the structure of the read object. Only Clover fields of types String and Byte/CompressedByte are supported.
Metadata can use Autofilling Functions. The autofilling attribute filename is set to the complete URL (including base and filter).
Attribute | Req | Description | Possible values |
---|---|---|---|
Basic | |||
LDAP URL | yes | LDAP URL of the directory. | ldap://host:port/ |
Base DN | yes |
Base Distinguished Name (the root of your LDAP tree) used for LDAP search.
It is a comma separated list of attribute=value pairs
referring to any location with the directory, e.g., if
Optional references to input record's fields in the form $field_name are resolved. | |
Filter | yes |
Filter used for the LDAP connection.
attribute=value pairs as a filtering condition for the search.
All entries matching the filter will be returned, e.g.,
Optional references to input record's fields in the form $field_name are resolved. | |
Scope |
Scope of the search request.
By default, only one
If
If | object (default) | onelevel | subtree | |
User | no | User DN to be used when connecting to the LDAP directory.
Similar to the following: cn=john.smith,dc=example,dc=com .
| |
Password | no | Password to be used when connecting to the LDAP directory. | |
Advanced | |||
Multi-value separator | no | The character/string used when mapping a multi-value attribute onto a simple Clover field as a concatenation of string values. LDAPReader can handle keys with multiple values; these are delimited by this string or character. <none> is a special escape value which turns off this functionality, so that only the first value is read. This attribute can only be used for the string data type. When the byte type is used, the first value is the only one that is read. | "|" (default) | other character or string |
Alias handling | Controls how aliases (leaf entries pointing to another object in the namespace) are dereferenced. | always | never | finding (default) | searching |
Referral handling | By default, links to other servers are ignored. If follow, the referrals are processed. | ignore (default) | follow |
Page size | no | Size of the page used in paging. If >0 then LDAP server is queried in paging mode and this attribute defines how many records are returned on one page. | e.g. 256 |
All attributes | no | Query LDAP for all available attributes or only those directly mappable on output fields. When using defaultField then this should be set to True. | True | False |
Default field | no | The name of the output field of type MAP(string) where attributes without explicit mapping (corresponding field names on output port) will be stored. | e.g. field15 |
Binary attributes | no | List of field names containing binary attributes. By default, the objectGUID is added to the list of binary attributes. | e.g. objectGUID |
LDAP Connection Properties | no | Java Property-like style of key-value definitions which will be added to LDAP connection environment. |
LDAPReader provides the logic to extract the search results and transform them into CloverETL Data Records.
The results of the search must have the same objectClass.
The metadata provided on output port/edge (field names) are used when mapping from LDAP attributes to fields.
Only string and byte (cbyte) Clover data fields are supported.
String is compatible with most of the usual LDAP types; byte is necessary, for example, for reading the userPassword LDAP type.
Multi-value attributes are mapped onto target fields in two ways:
If the target field is of type List, individual values are stored as individual items.
If the target field is a simple type (and multiValueSeparator is set), the values are concatenated with the defined separator and stored as a single value.
When the defaultMapping field is set (it must be of type Map), all unmapped attributes returned from the LDAP server are stored in the map as key->value pairs. Multi-values are stored concatenated.
Searching the entry an alias entry points to is known as dereferencing an alias. By setting the Alias handling attribute, you can control the extent to which entries are searched:
always: Always dereference aliases.
never: Never dereference aliases.
finding: Dereference aliases in locating the base of the search but not in searching subordinates of the base.
searching: Dereference aliases in searching subordinates of the base but not in locating the base.
Reading Data from LDAP |
Looking up a Record from LDAP |
Reading binary attributes |
Read records with uid=* from the ou=people,dc=foo,dc=? subtree on foobar.com (port 389).
Use credentials: user uid=Manager,dc=foo,dc=bar and password manager_password.
The values for dc=? will be received from the input edge in the dc field.
Attribute | Value |
---|---|
LDAP URL | ldap://example.com:389 |
Base DN | ou=people,dc=foo,dc=$dc |
Filter | uid=* |
Scope | subtree |
Retrieve information about a particular person identified by uid. The uid is received from the input edge. The information about persons is in the "cn=people,dc=uninett,dc=no" subtree on the LDAP server example.com (port 389).
The metadata on the output port has the following fields: cn (string), displayName (string), mail (list of strings), uid (string), objectClass (list of strings), default (map of strings).
Attribute | Value |
---|---|
LDAP URL | ldap://example.com:389 |
Base DN | ou=people,dc=example,dc=com |
Filter | uid=$userId |
Scope | subtree |
The filter parameter contains a reference to the input field name userId. This reference is resolved for every input record, and an LDAP query is executed (and its result parsed) for each input record.
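Because the resolved field value becomes part of the filter or base text, characters that carry meaning in LDAP filters (RFC 4515) or distinguished names (RFC 4514) alter the query that is sent. The following is an added example, not part of the CloverETL documentation: a Java helper that escapes field values before they reach the Filter or Base DN attribute. It assumes LDAPReader inserts the resolved value unchanged, which this page does not state; the class name, method names and sample values are hypothetical.

```java
import javax.naming.ldap.Rdn;

// Added example: hypothetical helper, not part of CloverETL.
// Assumption: LDAPReader inserts the resolved $field_name text unchanged.
public class LdapReferenceEscaper {

    // RFC 4515 value escaping for use in the Filter attribute: the characters
    // \ * ( ) and NUL become \XX so the server treats them as literal data.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // RFC 4514 escaping for a value placed in the Base DN attribute. JNDI's
    // Rdn.escapeValue covers DN special characters such as , + " \ < > ;
    // as well as leading/trailing spaces and a leading #.
    static String escapeDnValue(String value) {
        return Rdn.escapeValue(value);
    }

    public static void main(String[] args) {
        // Constructed sample values for the userId and dc input fields.
        String[] userIds = { "jsmith", "j*", "Smith (contractor)" };
        for (String userId : userIds) {
            // Mirrors the page's "uid=$userId" filter after resolution.
            System.out.println("(unescaped) uid=" + userId);
            System.out.println("(escaped)   uid=" + escapeFilterValue(userId));
        }
        String dc = "foo, inc";
        // Mirrors the page's "ou=people,dc=foo,dc=$dc" base after resolution.
        System.out.println("ou=people,dc=foo,dc=" + escapeDnValue(dc));
    }
}
```

In a graph, the escaped value would be written to the field that Filter or Base DN references, in a transformation placed before LDAPReader.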
This example shows a way to read binary attributes from LDAP.
Read the records from the Reading Data from LDAP example. In addition to that example, the records contain the binary field objectGUID.
The output metadata of LDAPReader should contain a byte field for objectGUID.
Use Reformat and the byte2hex function to convert the byte field to a string.

```
//#CTL2
function integer transform() {
    // Copy all fields, then replace the binary field with its hex string.
    $out.0.* = $in.0.*;
    $out.0.logonHours = byte2hex($in.0.logonHours);
    return ALL;
}
```

Similarly, you can use the byte2hex function with the prefix argument to get a hexadecimal string representation of the objectGUID attribute.

```
string strObjectGUID = byte2hex($in.0.objectGUID,"\\");
```
Improving search performance: If there are no alias entries in the LDAP directory that require dereferencing, choose the Alias handling never option.
Since 4-1-0-M1 LDAPReader supports paging.
Since 4.4.1 LDAPReader allows the user to read binary data from binary fields. The new attributes Binary attributes and LDAP Connection properties are available.