LDAP Search Entry activity¶
Introduction¶
An LDAP Search Entry activity returns entries in an LDAP endpoint and is intended to be used as a source to provide data to an operation. After configuring an LDAP connection, you can configure as many LDAP activities as you like for each LDAP connection.
Create an LDAP activity¶
An instance of an activity is created from a connection using an activity type.
To create an instance of an activity, drag the activity type to the design canvas or copy the activity type and paste it on the design canvas. For details, see Creating an activity instance in Component reuse.
An existing activity can be edited from these locations:
- The design canvas (see Component actions menu in Design canvas).
- The project pane's Components tab (see Component actions menu in Project pane Components tab).
Configure an LDAP Search Entry activity¶
Follow these steps to configure an LDAP Search Entry activity:
- Step 1: Enter a name and select a structural class
- Step 2: Select auxiliary classes
- Step 3: Specify settings
- Step 4: Review the data schemas
Step 1: Enter a name and select a structural class¶
-
Name: Enter a name to use to identify the LDAP Search Entry activity. The name must be unique for each LDAP Search Entry activity and must not contain forward slashes (
/
) or colons (:
). -
Select Structural Class: This section displays structural classes available in the LDAP endpoint. When reopening an existing activity configuration, only the selected structural class is displayed instead of reloading the entire structural class list.
-
Selected Structural Class: After a structural class is selected, it is listed here.
-
Search: Enter any column's value into the search box to filter the list of structural classes. The search is not case-sensitive. If structural classes are already displayed within the table, the table results are filtered in real time with each keystroke. To reload structural classes from the endpoint when searching, enter search criteria and then refresh, as described below.
-
Refresh: Click the refresh icon or the word Refresh to reload structural classes from the LDAP endpoint. This may be useful if you have recently added structural classes to the LDAP endpoint. This action refreshes all metadata used to build the table of structural classes displayed in the configuration.
-
Selecting a Structural Class: Within the table, click anywhere on a row to select a structural class. Only one structural class can be selected. The information available for each structural class is fetched from the LDAP endpoint:
- Name: The structural class name from the LDAP endpoint.
- Description: The structural class description from the LDAP endpoint.
Tip
If the table does not populate with available structural classes, the LDAP connection may not be successful. Ensure you are connected by reopening the connection and retesting the credentials.
-
-
Save & Exit: If enabled, click to save the configuration for this step and close the activity configuration.
-
Next: Click to temporarily store the configuration for this step and continue to the next step. The configuration will not be saved until you click the Finished button on the last step.
-
Discard Changes: After making changes, click to close the configuration without saving changes made to any step. A message asks you to confirm that you want to discard changes.
Step 2: Select auxiliary classes¶
-
Object Classes: This section is used to further restrict the search by selecting auxiliary classes. This section is optional and can be skipped by selecting Next.
-
Available Auxiliary Classes: This column displays auxiliary classes to select from.
-
Search: Enter any column's value into the search box to filter the list of auxiliary classes. The search is not case-sensitive. If object classes are already displayed within the table, the table results are filtered in real time with each keystroke. To reload auxiliary classes from the endpoint when searching, enter search criteria and then refresh, as described below.
-
Refresh: Click the refresh icon to reload auxiliary classes from the LDAP endpoint. This may be useful if you have recently added auxiliary classes to the LDAP endpoint.
-
Adding an Auxiliary Class: Within the column, click anywhere on a row to select one or more auxiliary classes. Then click the add icon to add selected classes to the Selected Auxiliary Classes column:
-
-
Selected Auxiliary Classes: This column displays selected auxiliary classes.
-
Removing an Auxiliary Class: Within the column, click anywhere on a row to select one or more auxiliary classes. Then click the remove icon to return selected classes to the Available Auxiliary Classes column:
-
-
-
Back: Click to temporarily store the configuration for this step and return to the previous step.
-
Next: Click to temporarily store the configuration for this step and continue to the next step. The configuration will not be saved until you click the Finished button on the last step.
-
Discard Changes: After making changes, click to close the configuration without saving changes made to any step. A message asks you to confirm that you want to discard changes.
Step 3: Specify settings¶
Tip
Fields with a variable icon support using global variables, project variables, and Jitterbit variables. Begin either by typing an open square bracket [
into the field or by clicking the variable icon to display a list of the existing variables to choose from.
-
Base DN: Enter the base distinguished name to use as the starting point for the search.
-
Available Attributes: This column displays attributes to select from.
-
Search: Enter any column's value into the search box to filter the list of attributes. The search is not case-sensitive. If attributes are already displayed within the table, the table results are filtered in real time with each keystroke. To reload attributes from the endpoint when searching, enter search criteria and then refresh, as described below.
-
Refresh: Click the refresh icon to reload attributes from the LDAP endpoint. This may be useful if you have recently added attributes to the LDAP endpoint.
-
Adding an Attribute: Within the column, double-click anywhere on a row to add the attribute to the Filter Expression column on the right. Then edit the Filter Expression as necessary to create a valid expression.
-
-
Filter Expression: Enter a filter expression.
At a minimum, the filter expression must include the pre-populated structural class selected in Step 1: Enter a name and select a structural class. On changing the selected structural class in step 1, the existing filter expression is replaced in full with the newly pre-populated structural class.
You may add attributes and other filters as documented in LDAP filter types. Including additional structural object classes is not supported.
Note
Depending on the requirements of the LDAP endpoint, you may need to change the case of the pre-populated filter expression for the structural class. For example, change
ObjectClass
toobjectClass
. -
Scope: Specify the scope to use for the search, one of Object (Base), One Level, or Subtree:
-
Object (Base): Only the entry specified in the Base DN field will be searched, not including subordinates.
-
One Level: Only the immediate children of the entry specified in the Base DN field will be searched, not including the Base DN entry itself.
-
Subtree: The entry specified in the Base DN field and all of its subordinates to any depth will be searched.
-
-
Page Size: Enter the number of records to be returned for each request. The activity sends as many requests as needed to return all records. This parameter may be limited by the configured size limit on the specific LDAP server.
-
Back: Click to temporarily store the configuration for this step and return to the previous step.
-
Next: Click to temporarily store the configuration for this step and continue to the next step. The configuration will not be saved until you click the Finished button on the last step.
-
Discard Changes: After making changes, click to close the configuration without saving changes made to any step. A message asks you to confirm that you want to discard changes.
Step 4: Review the data schemas¶
-
Data Schema: The response data schema for an LDAP Search Entry activity is displayed. If the operation uses a transformation, the data schemas are displayed again later during the transformation mapping process, where you can map to target fields using source objects, scripts, variables, custom values, and more.
The LDAP connector uses the Apache Directory LDAP API version 1.0.1. This API supports all types of LDAP servers, not just ApacheDS. Refer to the Apache LDAP API 1.0.1 Documentation and documentation on the specific LDAP server for information on the schema fields.
These are the schema fields shown in the example screenshot above:
Response Schema Field/Node Notes json The format of the response schema searchResponse The Directory Services Markup Language (DSML) search response entries LDAP entries, each containing a distinguished name ( dn
) and a list of attributesitem An LDAP entry ObjectClass An object class definition item The object class item #text Value of the object class item dn The distinguished name representing a position in a hierarchy attributes The LDAP attributes userPassword The user password item The user password item #text Value of the user password item -
Refresh: Click the refresh icon or the word Refresh to regenerate schemas from the LDAP endpoint. This action also regenerates the schema in other locations throughout the project where the same schema is referenced, such as in an adjacent transformation.
-
Edit: Click the edit icon above the response data schema to enter the editor. The editor allows you to add, delete, and reorganize nodes and fields and change their data types. All newly added nodes and fields are set to
[0, 1]
cardinality. Changes made to the response data schema must be acceptable to the endpoint and should be made only after consulting any available documentation for the endpoint. -
Back: Click to temporarily store the configuration for this step and return to the previous step.
-
Finished: Click to save the configuration for all steps and close the activity configuration.
-
Discard Changes: After making changes, click to close the configuration without saving changes made to any step. A message asks you to confirm that you want to discard changes.
Next steps¶
After configuring an LDAP Search Entry activity, complete the configuration of the operation by adding and configuring other activities, transformations, or scripts as operation steps. You can also configure an operation's operation settings, which include the ability to chain operations together that are in the same or different workflows.
After an LDAP activity has been created, menu actions for that activity are accessible from the project pane in either the Workflows or the Components tabs, and from the design canvas. See Activity actions menu for details.
LDAP Search Entry activities can be used as a source with these operation patterns:
- Transformation pattern
- Two-target archive pattern (as the first source only)
- Two-target HTTP archive pattern (as the first source only)
- Two-transformation pattern (as the first or second source)
Other patterns are not valid using LDAP Search Entry activities. See the validation patterns on the Operation validity page.
To use the activity with scripting functions, write the data to a temporary location and then use that temporary location in the scripting function.
When ready, deploy and run the operation and validate behavior by checking the operation logs.