h1. LDAP Translator |
{color:#333333}The LDAP translator, known by the type name {color}{color:#333333}{_}ldap{_}{color}{color:#333333}, name {_}ldap{_}, exposes an LDAP directory tree relationally with pushdown support for filtering via criteria. This is typically coupled with the LDAP resource adapter.{color} |
|
{color:#333333}{*}Execution Properties{*}{color}{color:#333333} {color} || {color:#000000}Name{color} || {color:#000000}Description{color} || {color:#000000}Default{color} || | {color:#333333}SearchDerfaultBaseDN{color} | {color:#333333}Default Base DN for LDAP Searches{color} | {color:#333333}null{color} | |
{*}Execution Properties{*} || Name || Description || Default || | SearchDerfaultBaseDN | Default Base DN for LDAP Searches | null | |
| {color:#333333}SearchDefaultScope{color} SearchDefaultScope | {color:#333333}Default Scope for LDAP Searches. Can be one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE.{color} | {color:#333333}ONELEVEL_SCOPE{color} ONELEVEL_SCOPE | |
| {color:#333333}RestrictToObjectClass{color} RestrictToObjectClass | {color:#333333}Restrict Searches to objectClass named in the Name field for a table{color} | {color:#333333}false{color} false | |
| {color:#333333}UsePagination{color} UsePagination | {color:#333333}Use a PagedResultsControl to page through large results. This is not supported by all directory servers.{color} | {color:#333333}false{color} false | |
| {color:#333333}ExceptionOnSizeLimitExceeded{color} ExceptionOnSizeLimitExceeded | {color:#333333}Set to true to throw an exception when a SizeLimitExceededException is received and a LIMIT is not properly enforced.{color} | {color:#333333}false{color} false | |
{color:#333333}There are no import settings for the ldap translator; it also does not provide metadata.{color} |
h3. Metadata Directives |
{color:#333333}String columns with a default value of "multivalued-concat" will concatinate all attribute values together in alphabetical order using a ? delimiter. If a multivalued attribute does not have a default value of "multivalued-concat", then any value may be returned.{color} |
h3. Native Queries |
{color:#333333}LDAP procedures may optionally have native queries associated with them - see {color}[Parameterizable Native Queries|Translators#native]. The operation prefix (select;, insert;, update;, delete; - see the native procedure logic below for more) must be present in the native-query, but it will not be issued as part of the query to the source. |
|
{code:sql|title=Example DDL for an LDAP native procedure} CREATE FOREIGN PROCEDURE proc (arg1 integer, arg2 string) OPTIONS ("teiid_rel:native-query" 'search;context-name=corporate;filter=(&(objectCategory=person)(objectClass=user)(!cn=$2));count-limit=5;timeout=$1;search-scope=ONELEVEL_SCOPE;attributes=uid,cn') returns (col1 string, col2 string); {code} |
{note} {color:#333333}Parameter values have reserved characters escaped, but are otherwise directly substituted into the query.{color}{note} |
|
h4. Native Procedure |
{note}Parameter values will have reserved characters escaped, but are otherwise directly substituted into the query.{note} |
|
h4. Direct Query Procedure |
{warning} |
{color:#333333}This feature is turned off by default because of the security risk this exposes to execute any command against the source. To enable this feature, override the translator property called "SupportsNativeQueries" to true. Look for {color}[Override Execution Properties|Translators#Override Execution Properties] above. |
This feature is turned off by default because of the security risk this exposes to execute any command against the source. To enable this feature, [override the execution property|Translators#Override Execution Properties] called _SupportsDirectQueryProcedure_ to true. |
{warning} |
{color:#333333}LDAP translator provides a procedure with name {color}{color:#333333}{*}native{*}{color}{color:#333333} that gives ability to execute any ad-hoc native LDAP queries directly against the source without any Teiid parsing or resolving. The metadata of this procedure's execution results are not known to the Teiid, and they are returned as object array. User can use {color}[ARRAYTABLE] construct to build tabular output for consumption by client applications. Since there is no known direct query language for LDAP, Teiid exposes this procedure with a simple query structure as below |
{info:tip=Name of the Direct Procedure} By default the name of the procedure that executes the queries directly is *native*. [Override the execution property|Translators#Override Execution Properties] _DirectQueryProcedureName_ to change it to another name. {info} |
|
The LDAP translator provides a procedure to execute any ad-hoc LDAP query directly against the source without Teiid parsing or resolving. Since the metadata of this procedure's results are not known to Teiid, they are returned as an object array. [ARRAYTABLE] can be used construct tabular output for consumption by client applications. |
h5. Search |
... |
{code} |
{color:#333333}from the above code, the "{color}{color:#333333}{*}search{*}{color}{color:#333333}" "{*}search{*}" keyword followed by below properties. Each property must be delimited by semi-colon (\;) If a property contains a semi-colon (\;), it should be escaped by another semi-colon - see also{color}[Parameterizable Native Queries|Translators#native] and the native-query procedure example above. |
|| {color:#000000}Name{color} || {color:#000000}Description{color} || {color:#000000}Required{color} || | {color:#333333}context-name{color} | {color:#333333}LDAP Context name{color} | {color:#333333}Yes{color} | | {color:#333333}filter{color} | {color:#333333}query to filter the records in the context{color} | {color:#333333}No{color} | | {color:#333333}count-limit{color} | {color:#333333}limit the number of results. same as using LIMIT{color} | {color:#333333}No{color} | | {color:#333333}timeout{color} | {color:#333333}Time out the query if not finished in given milliseconds{color} | {color:#333333}No{color} | | {color:#333333}search-scope{color} | {color:#333333}LDAP search scope, one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE{color} | {color:#333333}No{color} | | {color:#333333}attributes{color} | {color:#333333}attributes to retrieve{color} | {color:#333333}Yes{color} | |
|| Name || Description || Required || | context-name | LDAP Context name | Yes | | filter | query to filter the records in the context | No | | count-limit | limit the number of results. same as using LIMIT | No | | timeout | Time out the query if not finished in given milliseconds | No | | search-scope | LDAP search scope, one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE | No | | attributes | attributes to retrieve | Yes | |
|
h5. Delete {code:lang=SQL|title=Delete Example} |
... |
{code} |
{color:#333333}form the above code, the "{color}{color:#333333}{*}delete{*}{color}{color:#333333}" "{*}delete{*}" keyword followed the "DN" string. All the string contents after the "delete;" used as DN.{color} |
h5. Create or Update |
... |
{code} |
{color:#333333}form the above code, the "{color}{color:#333333}{*}create{*}{color}{color:#333333}" "{*}create{*}" keyword followed the "DN" string. All the string contents after the "create;" is used as DN. It also takes one property called "attributes" which is comma separated list of attributes. The values for each attribute is specified as separate argument to the "native" procedure.{color} |
|
{color:#333333}Update is similar to create{color} |
Update is similar to create |
{code:lang=SQL|title=Update Example} |
... |
{code} |
{info:tip=Name of the Native Procedure} {color:#333333}By default the name of the procedure that executes the queries directly is called {color}{color:#333333}{*}native{*}{color}{color:#333333}, however than can{color} {color:#333333}be set via an override execution property in the vdb.xml file.{color}{info} |
h3. {*}JCA Resource Adapter{*} |
|
h3. {color:#000000}{*}JCA Resource Adapter{*}{color} |
{color:#333333}The resource adapter for this translator provided through "LDAP Data Source", Refer to Admin Guide for configuration.{color} |
The LDAP translator, known by the type name ldap, exposes an LDAP directory tree relationally with pushdown support for filtering via criteria. This is typically coupled with the LDAP resource adapter.
Execution Properties
Name | Description | Default |
---|---|---|
SearchDerfaultBaseDN | Default Base DN for LDAP Searches | null |
SearchDefaultScope | Default Scope for LDAP Searches. Can be one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE. | ONELEVEL_SCOPE |
RestrictToObjectClass | Restrict Searches to objectClass named in the Name field for a table | false |
UsePagination | Use a PagedResultsControl to page through large results. This is not supported by all directory servers. | false |
ExceptionOnSizeLimitExceeded | Set to true to throw an exception when a SizeLimitExceededException is received and a LIMIT is not properly enforced. | false |
There are no import settings for the ldap translator; it also does not provide metadata.
String columns with a default value of "multivalued-concat" will concatinate all attribute values together in alphabetical order using a ? delimiter. If a multivalued attribute does not have a default value of "multivalued-concat", then any value may be returned.
LDAP procedures may optionally have native queries associated with them - see Parameterizable Native Queries. The operation prefix (select;, insert;, update;, delete; - see below for more) must be present in the native-query, but it will not be issued as part of the query to the source.
CREATE FOREIGN PROCEDURE proc (arg1 integer, arg2 string) OPTIONS ("teiid_rel:native-query" 'search;context-name=corporate;filter=(&(objectCategory=person)(objectClass=user)(!cn=$2));count-limit=5;timeout=$1;search-scope=ONELEVEL_SCOPE;attributes=uid,cn') returns (col1 string, col2 string);
Parameter values will have reserved characters escaped, but are otherwise directly substituted into the query. |
This feature is turned off by default because of the security risk this exposes to execute any command against the source. To enable this feature, override the execution property called SupportsDirectQueryProcedure to true. |
By default the name of the procedure that executes the queries directly is native. Override the execution property DirectQueryProcedureName to change it to another name. |
The LDAP translator provides a procedure to execute any ad-hoc LDAP query directly against the source without Teiid parsing or resolving. Since the metadata of this procedure's results are not known to Teiid, they are returned as an object array. ARRAYTABLE can be used construct tabular output for consumption by client applications.
SELECT x.* FROM (call pm1.native('search;context-name=corporate;filter=(objectClass=*);count-limit=5;timeout=6;search-scope=ONELEVEL_SCOPE;attributes=uid,cn')) w, ARRAYTABLE(w.tuple COLUMNS "uid" string , "cn" string) AS x
from the above code, the "search" keyword followed by below properties. Each property must be delimited by semi-colon (;) If a property contains a semi-colon (;), it should be escaped by another semi-colon - see alsoParameterizable Native Queries and the native-query procedure example above.
Name | Description | Required |
---|---|---|
context-name | LDAP Context name | Yes |
filter | query to filter the records in the context | No |
count-limit | limit the number of results. same as using LIMIT | No |
timeout | Time out the query if not finished in given milliseconds | No |
search-scope | LDAP search scope, one of SUBTREE_SCOPE, OBJECT_SCOPE, ONELEVEL_SCOPE | No |
attributes | attributes to retrieve | Yes |
SELECT x.* FROM (call pm1.native('delete;uid=doe,ou=people,o=teiid.org')) w, ARRAYTABLE(w.tuple COLUMNS "updatecount" integer) AS x
form the above code, the "delete" keyword followed the "DN" string. All the string contents after the "delete;" used as DN.
SELECT x.* FROM (call pm1.native('create;uid=doe,ou=people,o=teiid.org;attributes=one,two,three', 'one', 2, 3.0)) w, ARRAYTABLE(w.tuple COLUMNS "update_count" integer) AS x
form the above code, the "create" keyword followed the "DN" string. All the string contents after the "create;" is used as DN. It also takes one property called "attributes" which is comma separated list of attributes. The values for each attribute is specified as separate argument to the "native" procedure.
Update is similar to create
SELECT x.* FROM (call pm1.native('update;uid=doe,ou=people,o=teiid.org;attributes=one,two,three', 'one', 2, 3.0)) w, ARRAYTABLE(w.tuple COLUMNS "update_count" integer) AS x
The resource adapter for this translator provided through "LDAP Data Source", Refer to Admin Guide for configuration.