<html>
<head>
<base href="https://docs.jboss.org/author">
<link rel="stylesheet" href="/author/s/en/2172/19/5/_/styles/combined.css?spaceKey=TEIID&forWysiwyg=true" type="text/css">
</head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
<h2><a href="https://docs.jboss.org/author/display/TEIID/LDAP+Translator">LDAP Translator</a></h2>
<h4>Page <b>edited</b> by <a href="https://docs.jboss.org/author/display/~shawkins">Steven Hawkins</a>
</h4>
<br/>
<h4>Changes (35)</h4>
<div id="page-diffs">
<table class="diff" cellpadding="0" cellspacing="0">
<tr><td class="diff-unchanged" >h1. LDAP Translator <br> <br></td></tr>
<tr><td class="diff-changed-lines" >The LDAP translator is implemented by the org.teiid.translator.ldap.LDAPExecutionFactory class and known by the translator type name ldap. The LDAP translator exposes an LDAP directory tree relationally with pushdown support for filtering via criteria. This is typically coupled with the LDAP resource <span class="diff-changed-words">adapter.<span class="diff-deleted-chars"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;</span></span> <br></td></tr>
<tr><td class="diff-unchanged" > <br>{note} <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" >{note} <br> <br></td></tr>
<tr><td class="diff-changed-lines" >*Execution <span class="diff-changed-words">Properties*<span class="diff-deleted-chars"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;</span></span> <br></td></tr>
<tr><td class="diff-unchanged" >|| Name || Description || Default || <br>| SearchDerfaultBaseDN | Default Base DN for LDAP Searches | null | <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" >h5. Unwrap <br> <br></td></tr>
<tr><td class="diff-changed-lines" >If the execution property unwrapMultiValued is set to true, then 1 multi-valued attribute per table may be expanded such that each value produces 1 row of output. <span class="diff-added-words"style="background-color: #dfd;">All other multi-valued attributes on the same table must be represented by arrays or multi-value concat. </span> Insert/update/delete will not function as expected. <br></td></tr>
<tr><td class="diff-unchanged" > <br></td></tr>
<tr><td class="diff-added-lines" style="background-color: #dfd;">For example here is ddl with uniqueMember unwrapped: <br> <br>{code}create foreign table ldap_groups (DN string, name string options (nameinsource 'cn'), uniqueMember string) options (nameinsource 'ou=groups,dc=teiid,dc=org', updatable true){code} <br> <br>With the execution property set via a translator override: <br> <br>{code} <br> <model name="HRModel"> <br> <source name="local" translator-name="my-ldap" connection-jndi-name="java:/ldapDS"/> <br> </model> <br> ... <br> <translator name="my-ldap" type="ldap"> <br> <property name="unwrapMultiValued" value="true"/> <br> </translator> <br>{code} <br> <br>The result from "select * from ldap_groups" will then produce 1 row for each uniqueMember. If there are no values, then a single row with a null value will be produced. <br> <br></td></tr>
<tr><td class="diff-unchanged" >h3. Native Queries <br> <br></td></tr>
<tr><td class="diff-changed-lines" >LDAP procedures may optionally have native queries associated with them - <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">see&nbsp;[Parameterizable</span> <span class="diff-added-words"style="background-color: #dfd;">see [Parameterizable</span> Native Queries|Translators#native]. The operation prefix (select;, insert;, update;, delete; - see below for more) must be present in the native-query, but it will not be issued as part of the query to the source. <br></td></tr>
<tr><td class="diff-unchanged" > <br>{code:sql|title=Example DDL for an LDAP native procedure} <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" >{code} <br> <br></td></tr>
<tr><td class="diff-changed-lines" >from the above code, the "*search*" keyword followed by below properties. Each property must be delimited by semi-colon (\;) If a property contains a semi-colon (\;), it should be escaped by another semi-colon - see also[Parameterizable Native <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">Queries|Translators#native]&nbsp;and</span> <span class="diff-added-words"style="background-color: #dfd;">Queries|Translators#native] and</span> the native-query procedure example above. <br></td></tr>
<tr><td class="diff-unchanged" >|| Name || Description || Required || <br>| context-name | LDAP Context name | Yes | <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" ><?xml version="1.0" encoding="UTF-8" standalone="yes"?> <br><vdb name="ldapVDB" version="1"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> <model name="HRModel"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <source name="local" translator-name="translator-ldap" connection-jndi-name="java:/ldapDS"/> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> </model> <br></td></tr>
<tr><td class="diff-unchanged" ></vdb> <br>{panel} <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" >{panel} <br><resource-adapter id="ldapQS"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> <module slot="main" id="org.jboss.teiid.resource-adapter.ldap"/> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> <connection-definitions> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <connection-definition class-name="org.teiid.resource.adapter.ldap.LDAPManagedConnectionFactory" jndi-name="java:/ldapDS" enabled="true" use-java-context="true" pool-name="ldapDS"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <config-property name="LdapAdminUserPassword"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> redhat <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> </config-property> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <config-property name="LdapAdminUserDN"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> cn=Manager,dc=example,dc=com <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> </config-property> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <config-property name="LdapUrl"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> ldap://localhost:389 <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> </config-property> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> </connection-definition> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> </connection-definitions> <br></td></tr>
<tr><td class="diff-unchanged" ></resource-adapter> <br>{panel} <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" ><?xml version="1.0" encoding="UTF-8" standalone="yes"?> <br><vdb name="ldapVDB" version="1"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> <model name="HRModel"> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> <metadata type="DDL"><\!\[CDATA\[ <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> CREATE FOREIGN TABLE HR_Group ( <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> DN string options (nameinsource 'dn'), <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> SN string options (nameinsource 'sn'), <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> UID string options (nameinsource 'uid'), <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> MAIL string options (nameinsource 'mail'), <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> NAME string options (nameinsource 'cn') <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> ) OPTIONS(nameinsource 'ou=HR,dc=example,dc=com', updatable true); <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> \]\]> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span> </metadata> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">&nbsp;&nbsp;&nbsp;</span> </model> <br></td></tr>
<tr><td class="diff-unchanged" ></vdb> <br>{panel} <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
</table>
</div> <h4>Full Content</h4>
<div class="notificationGreySide">
<h1><a name="LDAPTranslator-LDAPTranslator"></a>LDAP Translator</h1>
<p>The LDAP translator is implemented by the org.teiid.translator.ldap.LDAPExecutionFactory class and known by the translator type name ldap. The LDAP translator exposes an LDAP directory tree relationally with pushdown support for filtering via criteria. This is typically coupled with the LDAP resource adapter. </p>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/author/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>The resource adapter for this translator is provided by configuring the ldap data source in the JBoss EAP instance.</td></tr></table></div>
<p><b>Execution Properties</b> </p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Name </th>
<th class='confluenceTh'> Description </th>
<th class='confluenceTh'> Default </th>
</tr>
<tr>
<td class='confluenceTd'> SearchDerfaultBaseDN </td>
<td class='confluenceTd'> Default Base DN for LDAP Searches </td>
<td class='confluenceTd'> null </td>
</tr>
<tr>
<td class='confluenceTd'> SearchDefaultScope </td>
<td class='confluenceTd'> Default Scope for LDAP Searches. Can be one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE. </td>
<td class='confluenceTd'> ONELEVEL_SCOPE </td>
</tr>
<tr>
<td class='confluenceTd'> RestrictToObjectClass </td>
<td class='confluenceTd'> Restrict Searches to objectClass named in the Name field for a table </td>
<td class='confluenceTd'> false </td>
</tr>
<tr>
<td class='confluenceTd'> UsePagination </td>
<td class='confluenceTd'> Use a PagedResultsControl to page through large results. This is not supported by all directory servers. </td>
<td class='confluenceTd'> false </td>
</tr>
<tr>
<td class='confluenceTd'> ExceptionOnSizeLimitExceeded </td>
<td class='confluenceTd'> Set to true to throw an exception when a SizeLimitExceededException is received and a LIMIT is not properly enforced. </td>
<td class='confluenceTd'> false </td>
</tr>
</tbody></table>
</div>
<p>There are no import settings for the ldap translator; it also does not provide metadata.</p>
<h3><a name="LDAPTranslator-MultipleAttributeValueSupport"></a>Multiple Attribute Value Support</h3>
<p>If one of the methods below is not used and the attribute is mapped to a non-array type, then any value may be returned on a read operation. Also insert/update/delete support will not be multi-value aware.</p>
<h5><a name="LDAPTranslator-Concatenation"></a>Concatenation</h5>
<p>String columns with a default value of "multivalued-concat" will concatenate all attribute values together in alphabetical order using a ? delimiter. Insert/update will function as expected if all applicable values are supplied in the concatenated format.</p>
<h5><a name="LDAPTranslator-Arraysupport"></a>Array support</h5>
<p>Multiple attribute values may also supported as an array type. The array type mapping also allows for insert/update operations.</p>
<p>For example here is ddl with objectClass and uniqueMember as arrays:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">create foreign table ldap_groups (objectClass string[], DN string, name string options (nameinsource 'cn'), uniqueMember string[]) options (nameinsource 'ou=groups,dc=teiid,dc=org', updatable true)</pre>
</div></div>
<p>The array values can be retrieved with a SELECT. An example insert with array values could look like:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">insert into ldap_groups (objectClass, DN, name, uniqueMember) values (('top', 'groupOfUniqueNames'), 'cn=a,ou=groups,dc=teiid,dc=org', 'a', ('cn=Sam Smith,ou=people,dc=teiid,dc=org',))</pre>
</div></div>
<h5><a name="LDAPTranslator-Unwrap"></a>Unwrap</h5>
<p>If the execution property unwrapMultiValued is set to true, then 1 multi-valued attribute per table may be expanded such that each value produces 1 row of output. All other multi-valued attributes on the same table must be represented by arrays or multi-value concat. Insert/update/delete will not function as expected.</p>
<p>For example here is ddl with uniqueMember unwrapped:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">create foreign table ldap_groups (DN string, name string options (nameinsource 'cn'), uniqueMember string) options (nameinsource 'ou=groups,dc=teiid,dc=org', updatable true)</pre>
</div></div>
<p>With the execution property set via a translator override:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
<model name="HRModel">
<source name="local" translator-name="my-ldap" connection-jndi-name="java:/ldapDS"/>
</model>
...
<translator name="my-ldap" type="ldap">
<property name="unwrapMultiValued" value="true"/>
</translator>
</pre>
</div></div>
<p>The result from "select * from ldap_groups" will then produce 1 row for each uniqueMember. If there are no values, then a single row with a null value will be produced.</p>
<h3><a name="LDAPTranslator-NativeQueries"></a>Native Queries</h3>
<p>LDAP procedures may optionally have native queries associated with them - see <a href="/author/display/TEIID/Translators#Translators-native">Parameterizable Native Queries</a>. The operation prefix (select;, insert;, update;, delete; - see below for more) must be present in the native-query, but it will not be issued as part of the query to the source.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Example DDL for an LDAP native procedure</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
CREATE FOREIGN PROCEDURE proc (arg1 integer, arg2 string) OPTIONS ("teiid_rel:native-query" 'search;context-name=corporate;filter=(&(objectCategory=person)(objectClass=user)(!cn=$2));count-limit=5;timeout=$1;search-scope=ONELEVEL_SCOPE;attributes=uid,cn') returns (col1 string, col2 string);
</pre>
</div></div>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/author/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>Parameter values will have reserved characters escaped, but are otherwise directly substituted into the query.</td></tr></table></div>
<h4><a name="LDAPTranslator-DirectQueryProcedure"></a>Direct Query Procedure</h4>
<div class='panelMacro'><table class='warningMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/author/images/icons/emoticons/forbidden.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>This feature is turned off by default because of the security risk this exposes to execute any command against the source. To enable this feature, <a href="/author/display/TEIID/Translators#Translators-OverrideExecutionProperties">override the execution property</a> called <em>SupportsDirectQueryProcedure</em> to true.</td></tr></table></div>
<div class='panelMacro'><table class='infoMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/author/images/icons/emoticons/information.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>By default the name of the procedure that executes the queries directly is <b>native</b>. <a href="/author/display/TEIID/Translators#Translators-OverrideExecutionProperties">Override the execution property</a> <em>DirectQueryProcedureName</em> to change it to another name.</td></tr></table></div>
<p>The LDAP translator provides a procedure to execute any ad-hoc LDAP query directly against the source without Teiid parsing or resolving. Since the metadata of this procedure's results are not known to Teiid, they are returned as an object array. <a href="/author/display/TEIID/ARRAYTABLE" title="ARRAYTABLE">ARRAYTABLE</a> can be used construct tabular output for consumption by client applications.</p>
<h5><a name="LDAPTranslator-Search"></a>Search</h5>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Search Example</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
SELECT x.* FROM (call pm1.native('search;context-name=corporate;filter=(objectClass=*);count-limit=5;timeout=6;search-scope=ONELEVEL_SCOPE;attributes=uid,cn')) w,
ARRAYTABLE(w.tuple COLUMNS "uid" string , "cn" string) AS x
</pre>
</div></div>
<p>from the above code, the "<b>search</b>" keyword followed by below properties. Each property must be delimited by semi-colon (;) If a property contains a semi-colon (;), it should be escaped by another semi-colon - see also<a href="/author/display/TEIID/Translators#Translators-native">Parameterizable Native Queries</a> and the native-query procedure example above.</p>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Name </th>
<th class='confluenceTh'> Description </th>
<th class='confluenceTh'> Required </th>
</tr>
<tr>
<td class='confluenceTd'> context-name </td>
<td class='confluenceTd'> LDAP Context name </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> filter </td>
<td class='confluenceTd'> query to filter the records in the context </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> count-limit </td>
<td class='confluenceTd'> limit the number of results. same as using LIMIT </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> timeout </td>
<td class='confluenceTd'> Time out the query if not finished in given milliseconds </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> search-scope </td>
<td class='confluenceTd'> LDAP search scope, one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> attributes </td>
<td class='confluenceTd'> attributes to retrieve </td>
<td class='confluenceTd'> Yes </td>
</tr>
</tbody></table>
</div>
<h5><a name="LDAPTranslator-Delete"></a>Delete</h5>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Delete Example</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
SELECT x.* FROM (call pm1.native('delete;uid=doe,ou=people,o=teiid.org')) w,
ARRAYTABLE(w.tuple COLUMNS "updatecount" integer) AS x
</pre>
</div></div>
<p>form the above code, the "<b>delete</b>" keyword followed the "DN" string. All the string contents after the "delete;" used as DN.</p>
<h5><a name="LDAPTranslator-CreateorUpdate"></a>Create or Update</h5>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Create Example</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
SELECT x.* FROM
(call pm1.native('create;uid=doe,ou=people,o=teiid.org;attributes=one,two,three', 'one', 2, 3.0)) w,
ARRAYTABLE(w.tuple COLUMNS "update_count" integer) AS x
</pre>
</div></div>
<p>form the above code, the "<b>create</b>" keyword followed the "DN" string. All the string contents after the "create;" is used as DN. It also takes one property called "attributes" which is comma separated list of attributes. The values for each attribute is specified as separate argument to the "native" procedure.</p>
<p>Update is similar to "create".</p>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>Update Example</b></div><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
SELECT x.* FROM
(call pm1.native('update;uid=doe,ou=people,o=teiid.org;attributes=one,two,three', 'one', 2, 3.0)) w,
ARRAYTABLE(w.tuple COLUMNS "update_count" integer) AS x
</pre>
</div></div>
<h3><a name="LDAPTranslator-LDAPConnectorCapabilitiesSupport"></a>LDAP Connector Capabilities Support</h3>
<p>LDAP does not provide the same set of functionality as a relational database. The LDAP Connector supports many standard SQL constructs, and performs the job of translating those constructs into an equivalent LDAP search statement. For example, the SQL statement:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: sql; gutter: false" style="font-size:12px; font-family: ConfluenceInstalledFont,monospace;">
SELECT firstname, lastname, guid
FROM public_views.people
WHERE
(lastname='Jones' and firstname IN ('Michael', 'John'))
OR
guid > 600000
</pre>
</div></div>
<p>uses a number of SQL constructs, including:</p>
<ul>
<li>SELECT clause support</li>
<li>select individual element support (firstname, lastname, guid)</li>
<li>FROM support</li>
<li>WHERE clause criteria support</li>
<li>nested criteria support</li>
<li>AND, OR support</li>
<li>Compare criteria (Greater-than) support</li>
<li>IN support</li>
</ul>
<p>The LDAP Connector executes LDAP searches by pushing down the equivalent LDAP search filter whenever possible, based on the supported capabilities. Teiid automatically provides additional database functionality when the LDAP Connector does not explicitly provide support for a given SQL construct. In these cases, the SQL construct cannot be pushed down to the data source, so it will be evaluated in Teiid, in order to ensure that the operation is performed.<br/>
In cases where certain SQL capabilities cannot be pushed down to LDAP, Teiid pushes down the capabilities that are supported, and fetches a set of data from LDAP. Teiid then evaluates the additional capabilities, creating a subset of the original data set. Finally, Teiid will pass the result to the client. It is useful to be aware of unsupported capabilities, in order to avoid fetching large data sets from LDAP when possible.</p>
<h5><a name="LDAPTranslator-LDAPConnectorCapabilitiesSupportList"></a>LDAP Connector Capabilities Support List</h5>
<p>The following capabilities are supported in the LDAP Connector, and will be evaluated by LDAP:</p>
<ul>
<li>SELECT queries</li>
<li>SELECT element pushdown (for example, individual attribute selection)</li>
<li>AND criteria</li>
<li>Compare criteria (e.g. <, <=, >, >=, =, !=)</li>
<li>IN criteria</li>
<li>LIKE criteria.</li>
<li>OR criteria</li>
<li>INSERT, UPDATE, DELETE statements (must meet Modeling requirements)</li>
</ul>
<p>Due to the nature of the LDAP source, the following capability is not supported:</p>
<ul>
<li>SELECT queries</li>
</ul>
<p>The following capabilities are not supported in the LDAP Connector, and will be evaluated by Teiid after data is fetched by the connector:</p>
<ul>
<li>Functions</li>
<li>Aggregates</li>
<li>BETWEEN Criteria</li>
<li>Case Expressions</li>
<li>Aliased Groups</li>
<li>Correlated Subqueries</li>
<li>EXISTS Criteria</li>
<li>Joins</li>
<li>Inline views</li>
<li>IS NULL criteria</li>
<li>NOT criteria</li>
<li>ORDER BY</li>
<li>Quantified compare criteria</li>
<li>Row Offset</li>
<li>Searched Case Expressions</li>
<li>Select Distinct</li>
<li>Select Literals</li>
<li>UNION</li>
<li>XA Transactions</li>
</ul>
<h3><a name="LDAPTranslator-Usage"></a>Usage</h3>
<p><a href="https://github.com/teiid/teiid-quickstarts/tree/master/ldap-as-a-datasource" class="external-link" rel="nofollow">ldap-as-a-datasource</a> quickstart demonstrates using the ldap Translator to access data in OpenLDAP Server. The name of the translator to use in vdb.xml is "translator-ldap", for example:</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p><?xml version="1.0" encoding="UTF-8" standalone="yes"?><br/>
<vdb name="ldapVDB" version="1"><br/>
<model name="HRModel"><br/>
<source name="local" translator-name="translator-ldap" connection-jndi-name="java:/ldapDS"/><br/>
</model><br/>
</vdb></p>
</div></div>
<p>The translator does not provide a connection to the OpenLDAP. For that purpose, Teiid has a JCA adapter that provides a connection to OpenLDAP using the Java Naming API. To define such connector, use the following XML fragment in standalone-teiid.xml. See a example in "<jboss-as>/docs/teiid/datasources/ldap"</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p><resource-adapter id="ldapQS"><br/>
<module slot="main" id="org.jboss.teiid.resource-adapter.ldap"/><br/>
<connection-definitions><br/>
<connection-definition class-name="org.teiid.resource.adapter.ldap.LDAPManagedConnectionFactory" jndi-name="java:/ldapDS" enabled="true" use-java-context="true" pool-name="ldapDS"><br/>
<config-property name="LdapAdminUserPassword"><br/>
redhat<br/>
</config-property><br/>
<config-property name="LdapAdminUserDN"><br/>
cn=Manager,dc=example,dc=com<br/>
</config-property><br/>
<config-property name="LdapUrl"><br/>
ldap://localhost:389<br/>
</config-property><br/>
</connection-definition><br/>
</connection-definitions><br/>
</resource-adapter></p>
</div></div>
<p>The above defines the translator and connector. For more ways to create the connector see <a href="https://docs.jboss.org/author/display/TEIID/LDAP+Data+Sources" class="external-link" rel="nofollow">LDAP Data Sources</a>, LDAP translator can derive the metadata based on existing Users/Groups in LDAP Server, user need to define the metadata. For example, you can define a schema using DDL:</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p><?xml version="1.0" encoding="UTF-8" standalone="yes"?><br/>
<vdb name="ldapVDB" version="1"><br/>
<model name="HRModel"><br/>
<metadata type="DDL"><![CDATA[<br/>
CREATE FOREIGN TABLE HR_Group (<br/>
DN string options (nameinsource 'dn'),<br/>
SN string options (nameinsource 'sn'),<br/>
UID string options (nameinsource 'uid'),<br/>
MAIL string options (nameinsource 'mail'),<br/>
NAME string options (nameinsource 'cn')<br/>
) OPTIONS(nameinsource 'ou=HR,dc=example,dc=com', updatable true);<br/>
]]><br/>
</metadata><br/>
</model><br/>
</vdb></p>
</div></div>
<p>when SELECT operation below executed against table using Teiid will retrieve Users/Groups in LDAP Server:</p>
<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>SELECT * FROM HR_Group</p>
</div></div>
<h3><a name="LDAPTranslator-LDAPAttributeDatatypeSupport"></a>LDAP Attribute Datatype Support</h3>
<p>LDAP providers currently return attribute value types of java.lang.String and byte[], and do not support the ability to return any other attribute value type. The LDAP Connector currently supports attribute value types of java.lang.String only. Therefore, all attributes are modeled using the String datatype in Teiid Designer.<br/>
Conversion functions that are available in Teiid allow you to use models that convert a String value from LDAP into a different data type. Some conversions may be applied implicitly, and do not require the use of any conversion functions. Other conversions must be applied explicitly, via the use of CONVERT functions.<br/>
Since the CONVERT functions are not supported by the underlying LDAP system, they will be evaluated in Teiid. Therefore, if any criteria is evaluated against a converted datatype, that evaluation cannot be pushed to the data source, since the native type is String.</p>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/author/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>When converting from String to other types, be aware that criteria against that new data type will not be pushed down to the LDAP data source. This may decrease performance for certain queries.</td></tr></table></div>
<p>As an alternative, the data type can remain a string and the client application can make the conversion, or the client application can circumvent any LDAP supports <= and >=, but has no equivalent for < or >. In order to support < or > pushdown to the source, the LDAP Connector will translate < to <=, and it will translate > to >=.<br/>
When using the LDAP Connector, be aware that strictly-less-than and strictly-greater-than comparisons will behave differently than expected. It is advisable to use <= and >= for queries against an LDAP based data source, since this has a direct mapping to comparison operators in LDAP.</p>
<h3><a name="LDAPTranslator-LDAP%3ATestingYourConnector"></a>LDAP: Testing Your Connector</h3>
<p>You must define LDAP Connector properties accurately or the Teiid server will return unexpected results, or none at all. As you deploy the connector in Console, improper configuration can lead to problems when you attempt to start your connector. You can test your LDAP Connector in Teiid Designer prior to Console deployment by submitting queries at modeling time for verification.</p>
<h3><a name="LDAPTranslator-LDAP%3AConsoleDeploymentIssues"></a>LDAP: Console Deployment Issues</h3>
<p>The Console shows an Exception That Says Error Synchronizing the Server<br/>
If you receive an exception when you synchronize the server and your LDAP Connector is the only service that does not start, it means that there was a problem starting the connector. Verify whether you have correctly typed in your connector properties to resolve this issue.</p>
<h3><a name="LDAPTranslator-JCAResourceAdapter"></a><b>JCA Resource Adapter</b></h3>
<p>The resource adapter for this translator provided through "LDAP Data Source", Refer to Admin Guide for configuration.</p>
</div>
<div id="commentsSection" class="wiki-content pageSection">
<div style="float: right;" class="grey">
<a href="https://docs.jboss.org/author/users/removespacenotification.action?spaceKey=TEIID">Stop watching space</a>
<span style="padding: 0px 5px;">|</span>
<a href="https://docs.jboss.org/author/users/editmyemailsettings.action">Change email notification preferences</a>
</div>
<a href="https://docs.jboss.org/author/display/TEIID/LDAP+Translator">View Online</a>
|
<a href="https://docs.jboss.org/author/pages/diffpagesbyversion.action?pageId=55477036&revisedVersion=15&originalVersion=14">View Changes</a>
|
<a href="https://docs.jboss.org/author/display/TEIID/LDAP+Translator?showComments=true&showCommentArea=true#addcomment">Add Comment</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>