SAP IQ Connection Details
Introduction
Connector Version
This documentation is based on version 23.0.9039 of the connector.
Get Started
SybaseIQ Version Support
The connector enables connectivity to SybaseIQ Database (versions 15 and 16 supported) and SAP SQL Anywhere (version 17 supported) through the TDS protocol.
Establish a Connection
Connect to SybaseIQ
To connect to the SybaseIQ, specify the following connection properties:
Server
: Set this to the name or network address of the SybaseIQ or SAP SQL Anywhere database instance.Database
: Set this to the name of the SybaseIQ or SAP SQL Anywhere database running on the specified Server.
Optionally, you can also secure your connections with TLS/SSL by setting UseSSL
to true.
Note
It is also possible to connect to an instance of SAP SQL Anywhere with the above connector configuration.
Authenticate to SybaseIQ
SybaseIQ supports several methods for authentication including basic, Kerberos, and, LDAP.
Basic
Set the AuthScheme
to Basic
and set the following connection properties to use SybaseIQ authentication.
User
: Set this to the username of the authenticating SybaseIQ user.Password
: Set this to the username of the authenticating SybaseIQ user.
LDAP
To connect with LDAP authentication, you will need to configure SybaseIQ server-side to use the LDAP authentication mechanism.
After configuring SybaseIQ for LDAP, you can connect using the same credentials as basic authentication.
Kerberos
To leverage Kerberos authentication, begin by enabling it via the following connection property:
AuthScheme
: Set to Kerberos will be used for authentication to SybaseIQ.
See Using Kerberos information regarding the connection properties that need to be set for Kerberos authentication.
You can find an example connection string below:
Server=MyServer;Port=MyPort;User=SampleUser;Password=SamplePassword;Database=MyDB;Kerberos=true;KerberosKDC=MyKDC;KerberosRealm=MYREALM.COM;KerberosSPN=server-name
Use Kerberos
Kerberos
To authenticate to SybaseIQ with Kerberos, set AuthScheme
to KERBEROS
.
Authenticating to SybaseIQ via Kerberos requires you to define authentication properties and to choose how Kerberos should retrieve authentication tickets.
Retrieve Kerberos Tickets
Kerberos tickets are used to authenticate the requester's identity. The use of tickets instead of formal logins/passwords eliminates the need to store passwords locally or send them over a network. Users are reauthenticated (tickets are refreshed) whenever they log in at their local computer or enter kinit USER
at the command prompt.
The connector provides three ways to retrieve the required Kerberos ticket, depending on whether or not the KRB5CCNAME
and/or KerberosKeytabFile
variables exist in your environment.
MIT Kerberos Credential Cache File
This option enables you to use the MIT Kerberos Ticket Manager or kinit
command to get tickets. With this option there is no need to set the User
or Password
connection properties.
This option requires that KRB5CCNAME
has been created in your system.
To enable ticket retrieval via MIT Cerberos Credential Cache Files:
- Ensure that the
KRB5CCNAME
variable is present in your environment. - Set
KRB5CCNAME
to a path that points to your credential cache file. (For example,C:\krb_cache\krb5cc_0
or/tmp/krb5cc_0
.) The credential cache file is created when you use the MIT Kerberos Ticket Manager to generate your ticket. -
To obtain a ticket:
- Open the MIT Kerberos Ticket Manager application.
- Click
Get Ticket
. - Enter your principal name and password.
- Click
OK
.
If the ticket is successfully obtained, the ticket information appears in Kerberos Ticket Manager and is stored in the credential cache file.
The connector uses the cache file to obtain the Kerberos ticket to connect to SybaseIQ.
Note
If you would prefer not to edit KRB5CCNAME
, you can use the KerberosTicketCache
property to set the file path manually. After this is set, the connector uses the specified cache file to obtain the Kerberos ticket to connect to SybaseIQ.
Keytab File
If your environment lacks the KRB5CCNAME
environment variable, you can retrieve a Kerberos ticket using a Keytab File.
To use this method, set the User
property to the desired username, and set the KerberosKeytabFile
property to a file path pointing to the keytab file associated with the user.
User and Password
If your environment lacks the KRB5CCNAME
environment variable and the KerberosKeytabFile
property has not been set, you can retrieve a ticket using a user and password combination.
To use this method, set the User
and Password
properties to the user/password combination that you use to authenticate with SybaseIQ.
Enable Cross-Realm Authentication
More complex Kerberos environments can require cross-realm authentication where multiple realms and KDC servers are used. For example, they might use one realm/KDC for user authentication, and another realm/KDC for obtaining the service ticket.
To enable this kind of cross-realm authentication, set the KerberosRealm
and KerberosKDC
properties to the values required for user authentication. Also, set the KerberosServiceRealm
and KerberosServiceKDC
properties to the values required to obtain the service ticket.
Fine-Tuning Data Access
Other Properties
QueryPassthrough
: Indicates if the Jitterbit Connector for SybaseIQ will submit queries to SybaseIQ unaltered or not. By default, queries are sent as-is to the SybaseIQ.Timeout
: How long to wait for a response from the SybaseIQ before erroring out. The default is 30 seconds.UseSSL
: Set this to true in order to enable SSL communications.
Important Notes
Configuration Files and Their Paths
- All references to adding configuration files and their paths refer to files and locations on the Jitterbit agent where the connector is installed. These paths are to be adjusted as appropriate depending on the agent and the operating system. If multiple agents are used in an agent group, identical files will be required on each agent.
Advanced Features
This section details a selection of advanced features of the SybaseIQ connector.
SSL Configuration
Use SSL Configuration to adjust how connector handles TLS/SSL certificate negotiations. You can choose from various certificate formats; see the SSLServerCert
property under "Connection String Options" for more information.
Proxy
To configure the connector using private agent proxy settings, select the Use Proxy Settings
checkbox on the connection configuration screen.
SSL Configuration
Customize the SSL Configuration
By default, the connector attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.
To specify another certificate, see the SSLServerCert
property for the available formats to do so.
Advanced Configurations Properties
The advanced configurations properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure. Click the links for further details.
Property | Description |
---|---|
AuthScheme | The scheme used for authentication. Accepted entries are Password, Kerberos. |
Server | The name of the server running the SybaseIQ or SAP SQL Anywhere Database. |
Port | The port of the SybaseIQ database. |
Database | The name of the SybaseIQ or SAP SQL Anywhere database. |
User | The SybaseIQ user account used to authenticate. |
Password | The password used to authenticate the user. |
UseSSL | This field sets whether SSL is enabled, it is only available when ConnectionType is 'SQLAnywhere'. |
Charset | Charset name to communicate with server. |
ConnectionType | This option specifies whether to connect to a SybaseIQ server or a SQLAnywhere server. |
Property | Description |
---|---|
KerberosKDC | The Kerberos Key Distribution Center (KDC) service used to authenticate the user. |
KerberosRealm | The Kerberos Realm used to authenticate the user. |
KerberosSPN | The service principal name (SPN) for the Kerberos Domain Controller. |
KerberosKeytabFile | The Keytab file containing your pairs of Kerberos principals and encrypted keys. |
KerberosServiceRealm | The Kerberos realm of the service. |
KerberosServiceKDC | The Kerberos KDC of the service. |
KerberosTicketCache | The full file path to an MIT Kerberos credential cache file. |
Property | Description |
---|---|
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
Property | Description |
---|---|
Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA, SchemaB, SchemaC. |
Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA, TableB, TableC. |
Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA, ViewB, ViewC. |
Property | Description |
---|---|
IncludeSystemObjects | Whether to include system objects while retrieving metadata. |
MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
MaxTDSPacketSize | The protocol sending and receiving buffer size. For the lower version, it's from 512 to 512. For the newer version, it's from 512 to 2048. |
Other | These hidden properties are used only in specific use cases. |
QueryPassthrough | This option passes the query to the SybaseIQ server as is. |
Timeout | A timeout for the provider. |
Authentication
This section provides a complete list of authentication properties you can configure.
Property | Description |
---|---|
AuthScheme | The scheme used for authentication. Accepted entries are Password, Kerberos. |
Server | The name of the server running the SybaseIQ or SAP SQL Anywhere Database. |
Port | The port of the SybaseIQ database. |
Database | The name of the SybaseIQ or SAP SQL Anywhere database. |
User | The SybaseIQ user account used to authenticate. |
Password | The password used to authenticate the user. |
UseSSL | This field sets whether SSL is enabled, it is only available when ConnectionType is 'SQLAnywhere'. |
Charset | Charset name to communicate with server. |
ConnectionType | This option specifies whether to connect to a SybaseIQ server or a SQLAnywhere server. |
AuthScheme
The scheme used for authentication. Accepted entries are Password, Kerberos.
Possible Values
Password
, Kerberos
Data Type
string
Default Value
Password
Remarks
Together with Password and User, this field is used to authenticate against the server. Password is the default option. Use the following options to select your authentication scheme:
- Password: Set this to use your Password.
- Kerberos: Set this to use Kerberos authentication.
Server
The name of the server running the SybaseIQ or SAP SQL Anywhere Database.
Data Type
string
Default Value
""
Remarks
Set this property to the name or network address of the SybaseIQ or SAP SQL Anywhere database instance.
Port
The port of the SybaseIQ database.
Data Type
string
Default Value
2638
Remarks
The port of the Server hosting the SybaseIQ Database.
Database
The name of the SybaseIQ or SAP SQL Anywhere database.
Data Type
string
Default Value
""
Remarks
The name of the SybaseIQ or SAP SQL Anywhere database running on the specified Server.
User
The SybaseIQ user account used to authenticate.
Data Type
string
Default Value
""
Remarks
Together with Password, this field is used to authenticate against the SybaseIQ server.
Password
The password used to authenticate the user.
Data Type
string
Default Value
""
Remarks
The User and Password
are together used to authenticate with the server.
UseSSL
This field sets whether SSL is enabled, it is only available when ConnectionType is 'SQLAnywhere'.
Data Type
bool
Default Value
false
Remarks
This field sets whether the connector will attempt to negotiate TLS/SSL connections to the server. By default, the connector checks the server's certificate against the system's trusted certificate store. To specify another certificate, set SSLServerCert.
Charset
Charset name to communicate with server.
Data Type
string
Default Value
cp1252
Remarks
Charset name to communicate with server.
ConnectionType
This option specifies whether to connect to a SybaseIQ server or a SQLAnywhere server.
Possible Values
SybaseIQ
, SQLAnywhere
Data Type
string
Default Value
SybaseIQ
Remarks
SSL/TLS encryption can only be enabled when this property is set to 'SQLAnywhere'.
Kerberos
This section provides a complete list of Kerberos properties you can configure.
Property | Description |
---|---|
KerberosKDC | The Kerberos Key Distribution Center (KDC) service used to authenticate the user. |
KerberosRealm | The Kerberos Realm used to authenticate the user. |
KerberosSPN | The service principal name (SPN) for the Kerberos Domain Controller. |
KerberosKeytabFile | The Keytab file containing your pairs of Kerberos principals and encrypted keys. |
KerberosServiceRealm | The Kerberos realm of the service. |
KerberosServiceKDC | The Kerberos KDC of the service. |
KerberosTicketCache | The full file path to an MIT Kerberos credential cache file. |
KerberosKDC
The Kerberos Key Distribution Center (KDC) service used to authenticate the user.
Data Type
string
Default Value
""
Remarks
The Kerberos properties are used when using SPNEGO or Windows Authentication. The connector will request session tickets and temporary session keys from the Kerberos KDC service. The Kerberos KDC service is conventionally colocated with the domain controller.
If Kerberos KDC is not specified, the connector will attempt to detect these properties automatically from the following locations:
KRB5 Config File (krb5.ini/krb5.conf)
: If the KRB5_CONFIG environment variable is set and the file exists, the connector will obtain the KDC from the specified file. Otherwise, it will attempt to read from the default MIT location based on the OS:C:\ProgramData\MIT\Kerberos5\krb5.ini
(Windows) or/etc/krb5.conf
(Linux).Java System Properties
: Using the system propertiesjava.security.krb5.realm
andjava.security.krb5.kdc
.Domain Name and Host
: If the Kerberos Realm and Kerberos KDC could not be inferred from another location, the connector will infer them from the configured domain name and host.
Note
Windows authentication is supported in JRE 1.6 and above only.
KerberosRealm
The Kerberos Realm used to authenticate the user.
Data Type
string
Default Value
""
Remarks
The Kerberos properties are used when using SPNEGO or Windows Authentication. The Kerberos Realm is used to authenticate the user with the Kerberos Key Distribution Service (KDC). The Kerberos Realm can be configured by an administrator to be any string, but conventionally it is based on the domain name.
If Kerberos Realm is not specified, the connector will attempt to detect these properties automatically from the following locations:
KRB5 Config File (krb5.ini/krb5.conf)
: If the KRB5_CONFIG environment variable is set and the file exists, the connector will obtain the default realm from the specified file. Otherwise, it will attempt to read from the default MIT location based on the OS:C:\ProgramData\MIT\Kerberos5\krb5.ini
(Windows) or/etc/krb5.conf
(Linux)Java System Properties
: Using the system propertiesjava.security.krb5.realm
andjava.security.krb5.kdc
.Domain Name and Host
: If the Kerberos Realm and Kerberos KDC could not be inferred from another location, the connector will infer them from the user-configured domain name and host. This might work in some Windows environments.
Note
Kerberos-based authentication is supported in JRE 1.6 and above only.
KerberosSPN
The service principal name (SPN) for the Kerberos Domain Controller.
Data Type
string
Default Value
""
Remarks
If the SPN on the Kerberos Domain Controller is not the same as the URL that you are authenticating to, use this property to set the SPN.
KerberosKeytabFile
The Keytab file containing your pairs of Kerberos principals and encrypted keys.
Data Type
string
Default Value
""
Remarks
The Keytab file containing your pairs of Kerberos principals and encrypted keys.
KerberosServiceRealm
The Kerberos realm of the service.
Data Type
string
Default Value
""
Remarks
The KerberosServiceRealm
is the specify the service Kerberos realm when using cross-realm Kerberos authentication.
In most cases, a single realm and KDC machine are used to perform the Kerberos authentication and this property is not required.
This property is available for complex setups where a different realm and KDC machine are used to obtain an authentication ticket (AS request) and a service ticket (TGS request).
KerberosServiceKDC
The Kerberos KDC of the service.
Data Type
string
Default Value
""
Remarks
The KerberosServiceKDC
is used to specify the service Kerberos KDC when using cross-realm Kerberos authentication.
In most cases, a single realm and KDC machine are used to perform the Kerberos authentication and this property is not required.
This property is available for complex setups where a different realm and KDC machine are used to obtain an authentication ticket (AS request) and a service ticket (TGS request).
KerberosTicketCache
The full file path to an MIT Kerberos credential cache file.
Data Type
string
Default Value
""
Remarks
This property can be set if you wish to use a credential cache file that was created using the MIT Kerberos Ticket Manager or kinit command.
SSL
This section provides a complete list of SSL properties you can configure.
Property | Description |
---|---|
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
SSLServerCert
The certificate to be accepted from the server when connecting using TLS/SSL.
Data Type
string
Default Value
""
Remarks
If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.
This property can take the following forms:
Description | Example |
---|---|
A full PEM Certificate (example shortened for brevity) | -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- |
A path to a local file containing the certificate | C:\\cert.cer |
The public key (example shortened for brevity) | -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- |
The MD5 Thumbprint (hex values can also be either space or colon separated) | ecadbdda5a1529c58a1e9e09828d70e4 |
The SHA1 Thumbprint (hex values can also be either space or colon separated) | 34a929226ae0819f2ec14b4a3d904f801cbb150d |
If not specified, any certificate trusted by the machine is accepted.
Certificates are validated as trusted by the machine based on the System's trust store. The trust store used is the 'javax.net.ssl.trustStore' value specified for the system. If no value is specified for this property, Java's default trust store is used (for example, JAVA_HOME\lib\security\cacerts).
Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.
Schema
This section provides a complete list of schema properties you can configure.
Property | Description |
---|---|
Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA, SchemaB, SchemaC. |
Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA, TableB, TableC. |
Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA, ViewB, ViewC. |
Location
A path to the directory that contains the schema files defining tables, views, and stored procedures.
Data Type
string
Default Value
%APPDATA%\SybaseIQ Data Provider\Schema
Remarks
The path to a directory which contains the schema files for the connector (.rsd files for tables and views, .rsb files for stored procedures). The folder location can be a relative path from the location of the executable. The Location
property is only needed if you want to customize definitions (for example, change a column name, ignore a column, and so on) or extend the data model with new tables, views, or stored procedures.
If left unspecified, the default location is "%APPDATA%\SybaseIQ Data Provider\Schema" with %APPDATA%
being set to the user's configuration directory:
Platform | %APPDATA% |
---|---|
Windows | The value of the APPDATA environment variable |
Mac | ~/Library/Application Support |
Linux | ~/.config |
BrowsableSchemas
This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
Data Type
string
Default Value
""
Remarks
Listing the schemas from databases can be expensive. Providing a list of schemas in the connection string improves the performance.
Tables
This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC.
Data Type
string
Default Value
""
Remarks
Listing the tables from some databases can be expensive. Providing a list of tables in the connection string improves the performance of the connector.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
Views
Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC.
Data Type
string
Default Value
""
Remarks
Listing the views from some databases can be expensive. Providing a list of views in the connection string improves the performance of the connector.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
Miscellaneous
This section provides a complete list of miscellaneous properties you can configure.
Property | Description |
---|---|
IncludeSystemObjects | Whether to include system objects while retrieving metadata. |
MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
MaxTDSPacketSize | The protocol sending and receiving buffer size. For the lower version, it's from 512 to 512. For the newer version, it's from 512 to 2048. |
Other | These hidden properties are used only in specific use cases. |
QueryPassthrough | This option passes the query to the SybaseIQ server as is. |
Timeout | A timeout for the provider. |
IncludeSystemObjects
Whether to include system objects while retrieving metadata.
Data Type
bool
Default Value
false
Remarks
Whether to include system objects while retrieving metadata.
MaxRows
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
Data Type
int
Default Value
-1
Remarks
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
MaxTDSPacketSize
The protocol sending and receiving buffer size. For the lower version, it's from 512 to 512. For the newer version, it's from 512 to 2048.
Data Type
string
Default Value
512
Remarks
MaxTDSPacketSize
allows you to control the protocol sending and receiving buffer size.
Other
These hidden properties are used only in specific use cases.
Data Type
string
Default Value
""
Remarks
The properties listed below are available for specific use cases. Normal driver use cases and functionality should not require these properties.
Specify multiple properties in a semicolon-separated list.
Integration and Formatting
Property | Description |
---|---|
DefaultColumnSize | Sets the default length of string fields when the data source does not provide column length in the metadata. The default value is 2000. |
ConvertDateTimeToGMT | Determines whether to convert date-time values to GMT, instead of the local time of the machine. |
RecordToFile=filename | Records the underlying socket data transfer to the specified file. |
QueryPassthrough
This option passes the query to the SybaseIQ server as is.
Data Type
bool
Default Value
false
Remarks
When this is set, queries are passed through directly to SybaseIQ.
Timeout
A timeout for the provider.
Data Type
int
Default Value
30
Remarks
If the Timeout
property is set to 0, operations will not time out; instead, they will run until they complete successfully or encounter an error condition.
If Timeout
expires and the operation is not yet complete, the connector raises an error condition.