LDAP Connector

Overview

The LDAP Connector provides access to a variety of LDAP-based systems. The Connector supports both LDAP version 2 and 3.

Note that, unlike most Connectors, while inserting an object into an LDAP directory, you have to specify the object class attribute, the $dn attribute as well as the other attributes. The following code sample, if inserted in the Prolog, will define an attribute that you will be able to use later.

// This variable is used to set the object class attribute
var objectClass = system.newAttribute ("objectclass");
objectClass.addValue ("top");
objectClass.addValue ("person");
objectClass.addValue ("inetorgperson");
objectClass.addValue ("organizationalPerson");

Then your LDAP Connectors must have an attribute called objectclass with the following assignment: ret.value = objectClass

(To see which attributes the person class has, see http://ldap.hklc.com/objectclass.html?objectclass=person . There you will see that you must supply an sn and a cn attribute in your update/add Connector.)

In the Connector, you will also need the $dn attribute, which builds up the distinguished name. Assuming an attribute in the work object called iuid, you will typically have code like:

var tuid = work.getString("iuid");
// No space after "uid=", so the uid value does not start with a stray blank
ret.value = "uid=" + tuid + ",ou=people,o=metamerge.com";

Note that the two special attributes $dn and objectclass should usually not be included in Modification in Update mode unless you want to move entries in addition to updating them.
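
The $dn assignment above concatenates the iuid value straight into the distinguished name, so a value containing a comma, plus sign or other DN special character changes which entry is addressed. The following added example (not part of the original Metamerge documentation) escapes the value using the RFC 4514 rules before building the DN; escapeRdnValue and buildPersonDn are hypothetical helper names.

```javascript
// Added example: escape an attribute value before placing it in an RDN.
// Escaping rules follow RFC 4514; helper names are hypothetical.
function escapeRdnValue(value) {
  var s = String(value);
  var out = "";
  for (var i = 0; i < s.length; i++) {
    var c = s.charAt(i);
    if (c === "\u0000") {
      out += "\\00";                       // NUL is written as a hex pair
    } else if (',+"\\<>;'.indexOf(c) !== -1) {
      out += "\\" + c;                     // characters that are always special
    } else if (i === 0 && (c === " " || c === "#")) {
      out += "\\" + c;                     // leading space or '#'
    } else if (i === s.length - 1 && c === " ") {
      out += "\\" + c;                     // trailing space
    } else {
      out += c;
    }
  }
  return out;
}

// Builds the DN used in the page's example (ou=people,o=metamerge.com).
function buildPersonDn(uid) {
  if (uid === null || uid === undefined || String(uid) === "") {
    throw new Error("iuid is empty; refusing to build a DN");
  }
  return "uid=" + escapeRdnValue(uid) + ",ou=people,o=metamerge.com";
}

// In the Connector's $dn attribute this would be used as:
//   ret.value = buildPersonDn(work.getString("iuid"));
```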

Configuration

The Connector needs the following parameters:

Parameter Description

connectorType com.architech.connector.rscLdap
connectorFlags Flags to enable specific behaviour.

{deleteEmptyStrings}
This flag causes the Connector to remove attributes containing only an empty string as value before updating the directory. See Notes for a full explanation. If you are using an LDAP version 3 server, you should definitely use this flag, as the value of an attribute cannot be an empty string.

ldapUrl The LDAP URL for the connection. (ldap://host:port)
ldapUsername The distinguished name used for authentication to the server
ldapPassword The credentials (password)
ldapAuthenticationMethod The authentication method. Possible values are:

CRAM-MD5 - use the CRAM-MD5 (RFC-2195) SASL mechanism

none - use no authentication (anonymous)

simple - use weak authentication (cleartext password)

If not specified, the default (simple) is used. If ldapUsername and ldapPassword are blank then anonymous is used.

ldapSearchBase The search base to be used when iterating the directory. Specify a distinguished name. Some directories allow you to specify a blank string which defaults to whatever the server is configured to do. Other directory services require this to be a valid distinguished name in the directory.
ldapSearchFilter The search filter to be used when iterating the directory.
ldapNameParameter Specify which parameter in the AssemblyLine entry is used for naming the entry. This is used during add, modify and delete operations and returned during read, search operations. If not specified "$DN" is used.
ldapPump Some directories may not allow you to retrieve more than a specific number of entries per search request; this is called the size limit. If you are iterating a directory and this size limit is reached, the Connector will use the first and second character in this parameter to "pump" the directory service. If this parameter is specified as "AZ", the Connector will start with "A*" and repeatedly execute search operations against the directory until all entries have been returned. The pumping is recursive, so if a search of "A*" hits the size limit, the Connector will search "AA*", "AB*" etc. until all entries are returned.

If this parameter is blank or not present, the Connector will abort on size limits.

Be careful when using this parameter. Some directory servers are known to return a size limit after reading all entries from a search, so this method is not bulletproof. The latter may cause the Connector to read and process entries more than once.

ldapReturnAttributes 1) A comma-separated list of attribute names to return during read/lookup operations. If not specified, all attributes are returned.
ldapPageSize 1) A number.
If specified, the LDAP Connector will try to use paged mode search. Paged mode causes the directory server to return a specific number of entries (called pages) instead of all entries in one chunk. Not all directory servers support this option.

Do not specify ldapPump and this parameter at the same time.

1) Available from version 2000.3.57 and up
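
The recursive pumping described for ldapPump, as an added sketch run against an in-memory mock directory (not the Connector's own implementation). The sample names, the mock size limit and the function names are constructed for illustration; the seen map is an assumed guard for the duplicate-processing case mentioned in the caveat.

```javascript
// Constructed sample data: cn values in a mock directory (not from a real server).
var SAMPLE_CNS = ["AARON", "ABBY", "ABEL", "ADAM", "ALAN", "BETH", "BOB", "ZOE"];

// Mock server: answers a "prefix*" search but reports a size limit when the
// result set is larger than sizeLimit (only a partial result is returned).
function mockSearch(prefix, sizeLimit) {
  var hits = SAMPLE_CNS.filter(function (cn) { return cn.indexOf(prefix) === 0; });
  if (hits.length > sizeLimit) {
    return { sizeLimitHit: true, entries: hits.slice(0, sizeLimit) };
  }
  return { sizeLimitHit: false, entries: hits };
}

// Walk the character range given by the two-character ldapPump value;
// on a size limit, drop the partial result, extend the prefix and recurse.
function pump(prefix, range, sizeLimit, state) {
  var first = range.charCodeAt(0), last = range.charCodeAt(1);
  for (var c = first; c <= last; c++) {
    var p = prefix + String.fromCharCode(c);
    var res = mockSearch(p, sizeLimit);
    state.searches++;
    if (res.sizeLimitHit) {
      pump(p, range, sizeLimit, state); // "A*" too big: try "AA*", "AB*", ...
      continue;
    }
    res.entries.forEach(function (cn) {
      // Guard: never process the same entry twice, whatever the server returns.
      if (state.seen[cn]) { state.duplicates++; return; }
      state.seen[cn] = true;
      state.entries.push(cn);
    });
  }
  return state;
}

// Entry point: ldapPump is the two-character parameter value, e.g. "AZ".
function pumpDirectory(ldapPump, sizeLimit) {
  return pump("", ldapPump, sizeLimit,
              { searches: 0, duplicates: 0, seen: {}, entries: [] });
}
```

With a size limit of 3, only "A*" overflows, so the 8 sample entries cost 52 searches instead of 26; the search count grows with every prefix that has to be split.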

Notes

  • If you cannot connect to your directory, make sure the Use SSL flag (under Configuration) is set according to what the directory expects ...
  • When connectorFlags contains the value {deleteEmptyStrings}, the LDAP Connector removes empty string values from each attribute. This may leave the attribute with no values (i.e. an empty value set). If an attribute has an empty value set, a modify operation will DELETE the attribute from the entry in the directory; otherwise the modify operation will REPLACE the attribute value(s). An add operation will never include an empty attribute since this is not "legal".
  • When connectorFlags does NOT contain {deleteEmptyStrings}, empty strings are passed as legal values to the directory server. Most servers interpret a REPLACE request with an empty string as the same as removing the attribute altogether. If you want to control this behaviour yourself, you can always call a function in your "Before Update" handler to modify the entry, as in:
removeBlanks (work);

// Remove every attribute whose value is an empty string from the entry
function removeBlanks (entry) {
	var list = entry.getAttributeNames();
	for (var i = 0; i < list.length; i++) {
		if (entry.getString(list[i]) == "") {
			entry.removeAttribute (list[i]);
		}
	}
}

Downloads

Included in base product

See Also

JNDI Connector

Metamerge Integrator version 4.5 ©Copyright Metamerge AS 2000-2002. Last edited 2002-04-30