TRANSFORMER
An LDAP source is used to retrieve data from a Lightweight Directory Access Protocol (LDAP) server. It is normally used with an Object target (either a User target or a Group target) to load users and/or groups into the BMP system.
Use of LDAP source assumes knowledge of the LDAP schema and LDAP syntax.
1. If the user exists, log in.
2. If the user does not exist, try to authenticate based on the groups that are defined in BMP; the user is created if they are a member of a group. If not, authentication fails and no user is created.
This means that it is not necessary to import users. Only the groups that users are members of need to be defined.
Right-click in the Transformer design panel and choose Source -> LDAP source. Now double-click the LDAP source icon to configure.
Connection
URL - a URL containing the address of the LDAP server, using the following syntax: ldap://<domain controller ip/hostname>:<port>/dc=domainname,dc=domainsuffix
Anonymous access - check the box to allow anonymous queries
User name - for logging on to the LDAP server, using the following syntax: <user>@<domain>
Password - for logging on to the LDAP server
General
Name - the name "LDAP source" is generated automatically but it may be changed
Description - an optional text describing the source
Criteria
Search filter - used to specify what to search for, e.g. "All persons". The filter follows RFC 2254 syntax
Search base - specifies the node in the LDAP tree from which the search should be executed, relative to the LDAP URL
Fields - an array (list) of the fields (attributes) to be retrieved, e.g. "givenname" or "surname"
Use Enter to separate the names. In the Properties panel they will be separated by a semicolon.
Include name - whether to include the 'Name' column; default is checked. The 'Name' column is always generated, but will only be included if the box is checked.
If 'Name' is included in Fields, Include name should not be marked. If it is, the 'Name' column will be empty.
See below for examples.
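The following added example is not part of the Corporater documentation. It shows how the Connection URL, the relative Search base, the semicolon-separated Fields property and an RFC 2254 filter resolve into one search request, and how a literal value is escaped before it is placed in the filter. The host, domain and function names are hypothetical, and accepting an ldaps:// URL with default ports 389/636 is an assumption beyond the syntax shown above.

```python
from urllib.parse import urlsplit, unquote

# RFC 2254 section 4: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a literal so it cannot add wildcards or sub-filters to the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_ldap_url(url):
    """Split ldap://<host>:<port>/<base DN> into (host, port, base_dn)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("expected ldap://<host>[:<port>]/<base DN>")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.hostname, port, unquote(parts.path.lstrip("/"))


def effective_search(url, search_base, search_filter, fields_property):
    """Resolve the Connection and Criteria settings into one search request."""
    host, port, url_base = parse_ldap_url(url)
    # Search base is relative to the URL, so it is prepended to the URL's DN.
    base = ",".join(p for p in (search_base.strip(), url_base) if p)
    # The Properties panel stores Fields as one semicolon-separated string.
    fields = [f.strip() for f in fields_property.split(";") if f.strip()]
    return {"host": host, "port": port, "base": base,
            "filter": search_filter, "fields": fields}


def person_filter(given_name):
    """'All persons' narrowed by a literal given name, escaped per RFC 2254."""
    return "(&(objectClass=person)(givenname=%s))" % escape_filter_value(given_name)


# Constructed sample settings (hypothetical host and domain).
SAMPLE = effective_search(
    "ldap://dc01.example.com:389/dc=example,dc=com",
    "ou=Staff",
    person_filter("Ann (Ops)*"),
    "givenname;surname",
)

if __name__ == "__main__":
    for key, value in SAMPLE.items():
        print(f"{key}: {value}")
```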
Audit
Modified by - the name of the last user to make changes to the object.
Last modified - the date and time when the object was last changed.
Created by - the name of the user who created the object.
Created - the date and time when the object was created.
Criteria
Normalize names - mark the box to have the Distinguished Names converted to 'dot-separated' names, i.e. separated by periods (full stops).
Alias dereference - specifies how the directory server should treat aliases during the search. The possible values are:
Always - the directory server resolves all aliases during the search. This can have a serious impact on performance if there are many aliased objects in the directory tree.
Never - the directory server does not resolve any aliases during the search. If the alias matches the search criteria, a reference to the actual object is returned. "Never" is default.
Finding - Dereferences aliases only during name resolution
Searching - Dereferences aliases only after name resolution
Referrals - specifies how the directory server should treat referrals during the search. A referral is an entity that is used to redirect a client's request to another server, e.g. point to another server where the actual object is stored. The possible values are:
Ignore - Referrals are ignored
Follow - Referrals are automatically followed during the search (default)
Other
Additional properties - allows the user to enter a list of properties and values that can supplement or even override the defaults, e.g. key=value. The LDAP source will add these to the connection to the LDAP server when it is created, i.e. to deal with special cases where default values are not adequate.
Version 5.1.2.0
This document contains confidential information. Not to be copied by third parties without written authorization.
© Copyright Corporater AS - All rights reserved.