Any examples or tips for LDAP integration connector?

Google Cloud Integration Services
,
1

Hi all:

I’m trying to figure out how to use* the LDAP integration connector, and not getting very far. I was hoping others might have more experience on this and be able to point me in the right direction.

I’ve figured out how to configure my connection to our LDAP server. If I do a really simple application integration like this:

icrew_0-1678233500228.png
icrew_0-1678233500228.png444×686 12.6 KB

I get an emailwhen the schedule triggers with JSON output of a small handful of the fields associated with each of the first few records in our LDAP server in it.

What I can’t figure out is:

  1. How do I specify the search parameters for the LDAP search? Like (&(sn=Crew)(givenName=Ian))in normal LDAP query syntax.
  2. How do I specify which fields I want to get back? Or tell it to give me all of the available fields back, not just the small handful it gives back by default?
  3. How do I iterate through more than one page of results/page of users?
    • What I’d really love to be able to do is to run an LDAP query and get the results pushed into a BigQuery table, but I’m taking it step by step.

Any pointers would be most appreciated!

Thanks,

Ian

2

Hi Ian,

Our filterClause syntax is designed to always be in SQL syntax, so you will need to create the query more like a Where clause in a Select statement for a Database. For your example, it might look more like this:
Your LDap Query : Like (&(sn=Crew)(givenName=Ian))

Set the Connector task’s filterClause variable to:

sn = ‘Crew’ and givenName = ‘Ian’

Hope that helps!

1 Like
3

Thanks so much @shaaland – that does help. I can now look myself up! Is the filterClause syntax documented anyplace? I’m now wondering how we do things like wildcards. (‘*’ and ‘%’ don’t seem to be the answer…)

Also, if you or anyone else has any suggestions re. #2 and #3 in my original post, that’d also be hugely appreciated. (Even if it’s a “you should really read this/do this tutorial/whatever”)

Thanks again,

Ian

4

Here is the doc page that talks about filter clause : https://cloud.google.com/application-integration/docs/connectors-task#filter
I’m just now noticing that we are missing the wildcard example though! I’ll see if we can get that added to the list of examples.

Meanwhile, you would use the LIKE and % for a wildcard

Example:

sn LIKE ‘Crew%’ and givenName LIKE ‘Ia%’

Sorry for not addressing 2 and 3! I just zero’ed in on 1!

  1. How do I specify which fields I want to get back? Or tell it to give me all of the available fields back, not just the small handful it gives back by default?

If you do a LIST Operation with the filterClause, it should return an array of rows back to you with all available fields in that table. If the data you want is in another table, you may need to do another LIST operation on that table in a separate Connector Task. If you have a primary key value for that table, you can also just do a GET operation and then it will return exactly 1 row (not an array of rows).

  1. How do I iterate through more than one page of results/page of users?

When you use a LIST operation, there is a pagesize input variable created, which defaults to 25. You can increase this to something larger so that you don’t have to do paging. It should be ok up to 10,000. If you have more than 10,000 rows expected back, then you can put this Connector task into a while loop and basically loop through and getting the next page until you have them all (see screenshot below for the input/output variables you use to control this). This gets quite a bit more complex, so hopefully you can just keep it simple with less than 10,000.

Use listEntitiesPageSize to set the page size as described above (up to 10,000)

Use listEntitiesPageToken for the second and every subsequent page (leave it empty the first time through the loop), and you get this value from the Output variable: listEntitiesNextPageToken from the first execution and then for each subsequent execution. This is a great idea for my next sample post…

Screenshot 2023-03-08 at 11.15.34 AM.png
Screenshot 2023-03-08 at 11.15.34 AM.png398×888 57.5 KB

5

Thanks again @shaaland !

Re. #1: Oh, bleep. LIKE. Of course. Sorry! (I really do know SQL, I promise! :grin: )

Re. #2, when I run the “list” for the LDAP integration connector, I get the following for myself:

{
“Id”: “1|uid\u003d13442,ou\u003dpeople,dc\u003dberkeley,dc\u003dedu”,
“DN”: “uid\u003d13442,ou\u003dpeople,dc\u003dberkeley,dc\u003dedu”,
“RDN”: “uid\u003d13442”,
“BaseDN”: “ou\u003dpeople,dc\u003dberkeley,dc\u003dedu”,
“ObjectClass_1”: “top”,
“ObjectClass_2”: “eduPerson”,
“ObjectClass_3”: “inetorgperson”,
“ObjectClass_4”: “berkeleyEduPerson”,
“SN”: “Crew”,
“CN”: “Crew, Ian”,
“UserPassword”: null,
“TelephoneNumber”: null,
“SeeAlso”: null,
“Description”: null
}

The connector is configured as follows:

icrew_0-1678318781457.png
icrew_0-1678318781457.png2898×1086 169 KB

Compare that to what I get with the linux command-line “ldapsearch”:

$ ldapsearch -x -v -LLL -o ldif-wrap=no -h [REDACTED] -p 389 -D “[REDACTED]” -W -b “ou=people,dc=berkeley,dc=edu” “(&(sn=Crew)(givenname=Ian))”
ldap_initialize( ldap://[REDACTED]:389 )
Enter LDAP Password:
filter: (&(sn=Crew)(givenname=Ian))
requesting: All userApplication attributes
dn: uid=13442,ou=people,dc=berkeley,dc=edu
objectClass: top
objectClass: eduPerson
objectClass: inetorgperson
objectClass: berkeleyEduPerson
objectClass: organizationalperson
objectClass: person
objectClass: ucEduPerson
berkeleyEduAffiliations: [REDACTED]
berkeleyEduAffiliations: EMPLOYEE-TYPE-STAFF
berkeleyEduAffiliations: [REDACTED]
berkeleyEduAffiliations: [REDACTED]
berkeleyEduAlternateID: [REDACTED]
berkeleyEduCalNetIDUpdatedFlag: true
berkeleyEduConfidentialFlag: false
berkeleyEduCSID: [REDACTED]
berkeleyEduEmailRelFlag: true
berkeleyEduEmpTitleCode: [REDACTED]
berkeleyEduFirstName: Ian
berkeleyEduHCMID: [REDACTED]
berkeleyEduKerberosPrincipalString: icrew
berkeleyEduLastName: Crew
berkeleyEduOfficialEmail: [REDACTED]
berkeleyEduPrimaryDeptUnit: VRCIE
berkeleyEduStuID: [REDACTED]
berkeleyEduUCPathID: [REDACTED]
berkeleyEduUnitHRDeptName: Campus IT Experience
cn: Crew, Ian
departmentNumber: VRCIE
displayName: Ian Crew
employeeNumber: [REDACTED]
givenName: Ian
l: Berkeley
labeledURI: http://bConnected.berkeley.edu
mail: [REDACTED]
o: University of California, Berkeley
ou: people
postalAddress: 2850 Telegraph Ave, 6th Floor$Berkeley, CA 94720-4876
postalCode: 94720
sn: Crew
st: CA
street: 2850 Telegraph Ave, 6th Floor
title: Solutions Architect-bConnected
uid: 13442

(“[REDACTED]” is stuff I’ve removed from this post for privacy reasons.)

What I can’t figure out is how to get all of the additional fields to show up in the LDAP Integration Connector. I don’t see anyplace for me to specify the equivalent of “requesting: All userApplication attributes” or to specify which fields I do want back from the search.

Cheers,

Ian

6

@icrew , do you see another Entity called “OrganizationalPerson”? If yes, can you try to do a LIST operation on that entity to see if it has these other columns you see in the LDAP search utility?

7

I only see “Person”, no “OrganizationalPerson”, unless maybe I’m looking in the wrong place? Here’s a screenshot:

icrew_0-1678324248413.png
icrew_0-1678324248413.png2544×1158 163 KB

Thanks!

Ian

8

You can either drag in a new Connector Task or use the “RESET” button at the bottom of that screen, and then it will show you all the available entities again. I suggest just dragging a new one in and wire it up as a parallel path in your integration so it runs both List operations at the same time and you can check the logs to see how each one is different.

In this one, I’m doing 4 Salesforce connection task operations in parallel…the LIST tasks on the left are just so I can view the contents quickly in the logs for demo purposes, as the flow just ends there, but if needed, I could add other tasks after those.

Screenshot 2023-03-08 at 5.24.29 PM.png
Screenshot 2023-03-08 at 5.24.29 PM.png923×439 37.1 KB