TIBCO Scribe® Online Connector For LDAP

The TIBCO Cloud™ Integration - Connect Connector for LDAP Directory Services is based on the CData driver of LDAP Directory Services. This Connector provides read and write access to LDAP directories. Synchronize information from a directory with leads and contacts in your CRM, or use the Connector to reset a user’s password. The Connector supports LDAP objects, such as Group, Person, and User, and special operations, such as Change Password and Reset Password.

Use the LDAP Connector as a source or target Connection for On schedule and On eventapps. This Connector is based on Scribe.Connector.AdoNet library and CData LDAP ADO.NET provider.

Possible use cases for the LDAP Connector include:

Query/add/delete/update entries in LDAP
Manage user groups
Change or reset a user’s password using native query
Move objects from one DN to another one using native query
Get all the attribute names and values of the specified DN with native query

Connector Specifications

	Supported
Agent Types
Connect on-premise	X
Connect cloud	X
Data Replication Apps
Source
Target
On Schedule Apps
Source	X
Target	X
On Event Apps
Source	X
Target	X
Flows
Integration	X
Request-Reply	X
Message

Note:

This Connector is available from the TIBCO Cloud™ Integration Marketplace. See Marketplace Connectors for more information.

Supported Entities

The LDAP Connector supports the following entities. Click a linked entity name for additional information when using that entity in TIBCO Cloud™ Integration - Connect. For a list of additional operations by entity see Special Operations.

Standard Operations

Entity	Query	Create	Update	Delete
Group	X	X	X	X
OrganizationPerson	X	X	X	X
Person	X	X	X	X
Top	X	X	X	X
User	X	X	X	X

Special Operations

These special operations are executed using the Native Query Block. See Native Query.

Entity	Operations
User	-ChangePassword -ResetPassword

Setup Considerations

Supports LDAP protocol versions: 2 and 3.
Set the LDAP version using the LDAP version connection string property in the Additional Parameters field on the Connection dialog. Version 2 is used by default.
Advanced scenarios like customizing the SSL configuration or connecting through a firewall or a proxy are described in the Advanced Settings section in the CData documentation.

Selecting An Agent Type For LDAP

Refer to TIBCO Cloud™ Integration - Connect Agents for information on available agent types and how to select the best agent for your app.

Connecting To LDAP

Note: Best practice is to create Connections with credentials that limit permissions in the target system, following the principle of least privilege. Using Administrator level credentials in a Connection provides Administrator level access to the target system for TIBCO Cloud™ Integration - Connect users. Depending on the entities supported, a TIBCO Cloud™ Integration - Connect user could alter user accounts in the target system.

Select Connections from the menu.
From the Connections page select Create to open the Create a connection dialog.
Select the Connector from the list to open the Connection dialog, and then enter the following information for this Connection:
- Name — This can be any meaningful name, up to 25 characters.
- Alias — An alias for this Connection name. The alias is generated from the Connection name, and can be up to 25 characters. The Connection alias can include letters, numbers, and underscores. Spaces and special characters are not accepted. You can change the alias. For more information, see Connection Alias.
- BaseDN — Optional. Base portion of the distinguished name. Limits results to specific subtrees. For example, if the value for the root folder for the domain is SomeDomain.Local, then the BaseDN is: dc=SomeDomain,dc=Local
- Server — IP address or DNS name of the domain controller.
- Port — Optional field that sets the Domain Controller port number, which must be in the 1023 to 65535 range. Default value is 389.
- User — User name in one of the following formats: SomeDomain\SomeUserName or someusername@SomeDomain.Local
- Password — Password for the distinguished name of the specified user.
- Additional Parameters — Optional field where you can specify one or more connection string parameters. See the Connection String Options section of the CData documentation for a list of parameters that can be used and their default values. Note that in some cases the CData LDAP ADO.NET provider does not fully support all of the possible parameters.
  Syntax for the Additional Parameters field is as follows:
  - All blank characters, except those within a value or within quotation marks, are ignored
  - Preceding and trailing spaces are ignored unless enclosed in single or double quotes, such as Keyword=" value"
  - Semicolons (;) within a value must be delimited by quotation marks
  - Use a single quote (') if the value begins with a double quote (")
  - Use a double quote (") if the value begins with a single quote (')
  - Parameters are case-insensitive
  - If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the last occurrence is used
  - If a keyword contains an equal sign (=), it must be preceded by an additional equal sign to indicate that the equal sign is part of the keyword
  - Parameters that are handled by other fields or default settings in the Connection dialog are ignored if used in the Additional Parameters field, including:
    - BaseDN
    - Server
    - Port
    - User
    - Password
    - Logfile — This parameter is not visible in the Connection dialog, but is set by the Connector. The default size is a maximum of 10MB. Any CData log files generated by this setting are stored in the default Connect on-premise Agent Logs directory, C:\Program Files (x86)\Scribe Software\TIBCO Scribe® Online Agent\logs\. The format for log file names for CData logs are as follows: <ConnectorName><GUID of the Connection><DateTimeStamp>.log
      Note: For information on setting log file verbosity, see Verbosity in the CData Help.
    - MaxLogFileSize — This parameter is set by the Connector to a maximum of 10MB.
    - Other
    - RTK
    - Support Enhanced SQL
Select Test to ensure that the agent can connect to your database. Be sure to test the Connection against all agents that use this Connection. See Testing Connections.
Select OK/Save to save the Connection.

Metadata Notes

All entity properties are returned as strings.

Naming

Connection metadata must have unique entity, relationship, and field names. If your Connection metadata has duplicate names, review the source system to determine if the duplicates can be renamed.

LDAP Connector As An App Source

Consider the following when using the LDAP Connector as an app source.

Query

There are no Query or Fetch limitations.
The following are not supported:
- Net Change to query for new and updated records
- Relationships
- Hierarchical data

Native Query

The LDAP Connector supports SQL queries in Native Query Blocks to create customized queries for LDAP. The query can be as simple or complex as you need it to be; however, it should return a single result set. The native query text is sent to LDAP exactly as it is entered without any modifications.

You can use SELECT , UPDATE , INSERT and DELETE clauses. If support for Enhanced SQL is enabled, you can use Joins and Aggregate functions. For additional details, see the SQL Compliance section of the CData documentation .

After entering the SQL query, you must select Test to validate the query. Invalid queries are not accepted by the Connector. See Native Query Block and Creating Native Queries For Microsoft SQL Server for additional information.

When testing a Native Query in a flow, if the source datastore does not return any data, TIBCO Cloud™ Integration - Connect cannot build the schema for the underlying metadata and the flow cannot be saved. To allow TIBCO Cloud™ Integration - Connect to build the schema, do the following:

Create a single temporary record in the source datastore that matches the Native Query.
Test the Native Query and ensure that it is successful.
Save the flow.
Remove the temporary record from the source datastore.

Filtering

Filtering support varies by entity. For additional details, see the Data Model section of the CData documentation.

TIBCO Cloud™ Integration - Connect API Considerations

To create Connections with the TIBCO Cloud™ Integration - Connect API, the LDAP Connector requires the following information:

Connector Name	LDAP
Connector ID	ABE3922D-2F7C-4E79-B136-35F5C6984071

TIBCO Cloud™ Integration - Connect Connection Properties

In addition, this Connector uses the Connection properties shown in the following table.

Note: Connection property names are case-sensitive.

Name	Data Type	Required	Secured
BaseDN	String	Yes	No
Server	String	Yes	No
Port	String	No	No
User	String	Yes	No
Password	String	Yes	Yes
ConnectionString	String	No	No

License Agreement

The TIBCO End User License Agreement for the LDAP Connector describes TIBCO and your legal obligations and requirements. TIBCO suggests that you read the End User License Agreement.

More Information

For additional information on this Connector, refer to the Knowledge Base and Discussions in the TIBCO Community.