LDAPReader
We assume that you have already learned what is described in:
If you want to find the right Reader for your purposes, see Readers Comparison.
Short Summary
LDAPReader reads information from an LDAP directory.
| Component | Data source | Input ports | Output ports | Each to all outputs1) | Different to different outputs2) | Transformation | Transf. req. | Java | CTL |
|---|---|---|---|---|---|---|---|---|---|
| LDAPReader | LDAP directory tree | 0 | 1-n | no | no | no | no | no | no |
Legend
1) Component sends each data record to all connected output ports.
2) Component sends different data records to different output ports using return values of the transformation. See Return Values of Transformations for more information.
Abstract
LDAPReader reads information from an LDAP
directory and converting it to CloudConnect data records. It provides the
logic for extracting the results of a search and converts them into
CloudConnect data records. The results of the search must have the same
objectClass.
Only string and byte CloudConnect data fields are supported. String is
compatible with most of ldap usual types, byte is necessary, for
example, for userPassword ldap type reading.
Icon
Ports
| Port type | Number | Required | Description | Metadata |
|---|---|---|---|---|
| Output | 0 | yes | For correct data records | Any1) |
| 1-n | no | For correct data records | Output 0 |
Legend:
1): Metadata on the output must precisely describe the structure of the read object. Metadata can use Autofilling Functions.
LDAPReader Attributes
| Attribute | Req | Description | Possible values |
|---|---|---|---|
| Basic | |||
| LDAP URL | yes | LDAP URL of the directory. | ldap://host:port/ |
| Base DN | yes | Base Distinguished Name (the root of your LDAP tree). It is
a comma separated list of attribute=value pairs
reffering to any location with the directory, e.g., if
ou=Humans,dc=example,dc=com is the root of the subtree
to be search, entries representing people from example.com
domain are to be found. | |
| Filter | yes | attribute=value pairs as a filtering condition
for the search. All entries matching the filter will be returned, e.g.,
mail=* returns every entry which has an email address,
while objectclass=* is the standard method for returning
all entries matching a given base and scope because all entries have values
for objectclass. | |
| Scope | Scope of the search request. By default, only one
object is searched. If
onelevel, the level immediately
below the distinguished name, if subtree,
the whole subtree below the distinguished name is searched. | object (default) | onelevel | subtree | |
| User | User DN to be used when connecting to the LDAP
directory. Similar to the following:
cn=john.smith,dc=example,dc=com. | ||
| Password | Password to be used when connecting to the LDAP directory. | ||
| Advanced | |||
| Multi-value separator | LDAPReader can handle keys with multiple values. These are delimited by this string or character. <none> is special escape value which turns off this functionality, then only the first value is read. This attribute can only be used for string data type. When byte type is used, the first value is the only one that is read. | "|" (default) | other character or string | |
| Alias handling | to control how aliases (leaf entries pointing to another object in the namespace) are dereferenced | always | never | finding (default)| searching | |
| Referral handling | By default, links to other servers are ignored. If
follow, the referrals are processed. | ignore (default) | follow | |
Advanced Description
Alias Handling
Searching the entry an alias entry points to is known as dereferencing an alias. Setting the Alias handling attribute, you can control the extent to which entries are searched:
always: Always dereference aliases.never: Never dereference aliases.finding: Dereference aliases in locating the base of the search but not in searching subordinates of the base.searching: Dereference aliases in searching subordinates of the base but not in locating the base
Tips & Tricks
Improving search performance: If there are no alias entries in the LDAP directory that require dereferencing, choose Alias handling
neveroption.