LDAP Directories

26.1 Introduction

Oracle Data Integrator supports LDAP directories integration using the Oracle Data Integrator Driver for LDAP.

26.1.1 Concepts

The LDAP concepts map the Oracle Data Integrator concepts as follows: An LDAP directory tree, more specifically the entry point to this LDAP tree, corresponds to a data server in Oracle Data Integrator. Within this data server, a single schema maps the content of the LDAP directory tree.

The Oracle Data Integrator Driver for LDAP (LDAP driver) loads the hierarchical structure of the LDAP tree into a relational schema. This relational schema is a set of tables that can be queried or modified using standard SQL statements.

Note:

ODI LDAP driver's support for LDAP servers is limited. All the features of the driver may not work on any given instance of an LDAP server. ODI uses Java JNDI API to interact with the LDAP servers. If the LDAP server adheres exactly with LDAP specifications, then driver features will work. Otherwise, some of the features may not work.

The relational schema is reverse-engineered as a data model in ODI, with tables, columns, and constraints. This model is used like a normal relational data model in ODI. Any changes performed in the relational schema data (insert/update) is immediately impacted by the driver in the LDAP data.

See Oracle Data Integrator Driver for LDAP Reference for more information on this driver.

26.1.2 Knowledge Modules

Oracle Data Integrator does not provide specific Knowledge Modules (KM) for the LDAP technology. You can use LDAP as a SQL data server. LDAP data servers support both the technology-specific KMs sourcing or targeting SQL data servers, as well as the generic KMs. See Generic SQL or the technology chapters for more information on these KMs.

26.2 Installation and Configuration

Make sure you have read the information in this section before you start working with the LDAP technology.

26.2.1 System Requirements

Before performing any installation you should read the system requirements and certification documentation to ensure that your environment meets the minimum installation requirements for the products you are installing.

The list of supported platforms and versions is available on Oracle Technical Network (OTN):

http://www.oracle.com/technetwork/middleware/data-integrator/documentation/index.html.

26.2.2 Technologic Specific Requirements

There are no technology-specific requirements for using LDAP directories in Oracle Data Integrator.

26.2.3 Connectivity Requirements

This section lists the requirements for connecting to LDAP database.

Oracle Data Integrator Driver for LDAP

LDAP directories are accessed through the Oracle Data Integrator Driver for LDAP. This JDBC driver is installed with Oracle Data Integrator.

To connect to an LDAP directory you must ask the system administrator for the following connection information:

The URL to connect to the directory
The User and Password to connect to the directory
The Base Distinguished Name (Base DN). This is the location in the LDAP tree that ODI will access.

You may also require a connection to the Reference LDAP Tree structure and to an External Storage database for the driver. See Oracle Data Integrator Driver for XML Reference for more information on these concepts and configuration parameters.

26.3 Setting up the Topology

Setting up the topology consists in:

26.3.1 Creating an LDAP Data Server

An LDAP data server corresponds to an LDAP tree that is accessible to Oracle Data Integrator.

26.3.1.1 Creation of the Data Server

Create a data server for the LDAP technology using the standard procedure, as described in Creating a Data Server of Administering Oracle Data Integrator. This section details only the fields required or specific for defining a LDAP data server:

In the Definition tab:
- Name: Name of the data server that will appear in Oracle Data Integrator.
- User/Password: Name and password of the LDAP directory user.

In the JDBC tab, enter the values according to the driver used:

JDBC Driver: com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver
JDBC URL: The driver supports two URL formats:
- jdbc:snps:ldap?<property>=<value>[&<property>=<value>...]
- jdbc:snps:ldap2?<property>=<value>[&<property>=<value>...]
These two URLs accept the key properties listed in Table 26-1. See Driver Configuration for a detailed description of these properties and for a comprehensive list of all JDBC driver properties.

Note:

The first URL requires the LDAP directory password to be encoded. The second URL allows you to give the LDAP directory password without encoding it. It is recommended to use the first URL to secure the LDAP directory password.

Table 26-1 JDBC URL Properties

Property	Value	Notes
ldap_auth	<authentication mode>	LDAP Directory authentication method. See the `auth` property in Table A-1
ldap_url	<LDAP URL>	LDAP Directory URL. The URL must not contain spaces. If there are spaces in the URL, replace them with %20. See the `url` property in Table A-1
ldap_user	<LDAP user name>	LDAP Directory user name. See the `user` property in Table A-1
ldap_password	<LDAP user password>	LDAP Directory user password. This password must be encoded if using the jdbc:snps:ldap URL syntax. See the `password` property in Table A-1
ldap_basedn	<base DN>	LDAP Directory basedn. The basedn must not contain spaces. If there are spaces in the basedn, replace them with %20. See the `basedn` property in Table A-1

Example 26-1 URL Examples

To connect an Oracle Internet Directory on server OHOST_OID and port 3060, using the user orcladmin, and accessing this directory tree from the basedn dc=us,dc=oracle,dc=com you can use the following URL:

jdbc:snps:ldap?ldap_url=ldap://OHOST_OID:3060/
&ldap_basedn=dc=us,dc=oracle,dc=com
&ldap_password=ENCODED_PASSWORD
&ldap_user=cn=orcladmin

26.3.2 Creating a Physical Schema for LDAP

Create an LDAP physical schema using the standard procedure, as described in Creating a Physical Schema in Administering Oracle Data Integrator.

Create for this physical schema a logical schema using the standard procedure, as described in Creating a Logical Schema in Administering Oracle Data Integrator and associate it in a given context.

26.4 Setting Up an Integration Project

Setting up a Project using the LDAP database follows the standard procedure. See Creating an Integration Project of Developing Integration Projects with Oracle Data Integrator.

The recommended knowledge modules to import into your project for getting started are the following:

LKM SQL to SQL
LKM File to SQL
IKM SQL Control Append

26.5 Creating and Reverse-Engineering an LDAP Directory

This section contains the following topics:

26.5.1 Create an LDAP Model

A data model groups a set of datastores. Each datastore represents in the context of a directory a class or group of classes. Typically, classes are mapped to tables and attributes to column. See LDAP to Relational Mapping for more information.

Create an LDAP Model using the standard procedure, as described in Creating a Model of Developing Integration Projects with Oracle Data Integrator.

26.5.2 Reverse-Engineering an LDAP Model

LDAP supports standard reverse-engineering, which uses only the abilities of the LDAP driver.

When the reverse-engineering process of the LDAP driver translates the LDAP tree into a relational database structure, it constructs tables from sets of objects in the tree.

The names of these tables must reflect this original structure in order to maintain the mapping between the two. As a result, the table names are composed of the original LDAP object names that may be extremely long and not appropriate as datastore names in mappings.

The solution consists in creating an alias file that contains a list of short and clear table name aliases. See Table Aliases Configuration for more information.

Standard Reverse-Engineering

To perform a Standard Reverse-Engineering on LDAP use the usual procedure, as described in Reverse-engineering a Model of Developing Integration Projects with Oracle Data Integrator.

The standard reverse-engineering process will automatically map the LDAP tree contents to a relational database structure. Note that these tables automatically include primary key and foreign key columns to map the directory hierarchy.

The reverse-engineering process also creates a ROOT table that represents the root of the LDAP tree structure from the LDAP entry point downwards.

See LDAP Processing Overview for more information.

26.6 Designing a Mapping

You can use LDAP entries as a source or a target of a mapping.

The KM choice for a mapping or a check determines the abilities and performances of this mapping or check. The recommendations in this section help in the selection of the KM for different situations concerning an LDAP data server.

26.6.1 Loading Data from and to LDAP

An LDAP directory can be used as a mapping's source or target. The LKM choice in the Loading Knowledge Module tab that is used to load data between LDAP entries and other types of data servers is essential for the performance of the mapping.

26.6.1.1 Loading Data from an LDAP Directory

Use the Generic SQL KMs or the KMs specific to the other technology involved to load data from an LDAP database to a target or staging area database.

Table 26-2 lists some examples of KMs that you can use to load from an LDAP source to a staging area.

Table 26-2 KMs to Load from LDAP to a Staging Area

Staging Area	KM	Notes
Microsoft SQL Server	LKM SQL to MSSQL (BULK)	Uses SQL Server's bulk loader.
Oracle	LKM SQL to Oracle	Faster than the Generic LKM (Uses Statistics)
Sybase	LKM SQL to Sybase ASE (BCP)	Uses Sybase's bulk loader.
All	LKM SQL to SQL	Generic KM

26.6.1.2 Loading Data to an LDAP Directory

It is not advised to use an LDAP directory as a staging area.

26.6.2 Integrating Data in an LDAP Directory

LDAP can be used as a target of a mapping. The IKM choice in the Integration Knowledge Module tab determines the performances and possibilities for integrating.

Use the Generic SQL KMs or the KMs specific to the other technology involved to integrate data in an LDAP directory.

Table 26-3 lists some examples of KMs that you can use to integrate data from a staging area to an LDAP target.

Table 26-3 KMs to Integrate Data in an LDAP Directory

Mode	KM	Notes
Append	IKM SQL to SQL Append	Generic KM

26.7 Troubleshooting

This section provides information on how to troubleshoot problems that you might encounter when using LDAP in Oracle Data Integrator. It contains the following topics:

SQL operations (insert, update, delete) performed on the relational model are not propagated to the LDAP directory.

You are probably using an external RDBMS to store your relational model.
java.util.MissingResourceException: Can't find bundle for base name ldap_....

The property bundle file is missing, present in the incorrect directory or the filename is incorrect.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 32 ....

The connection property bundle is possibly incorrect. Check the property values in the bundle files.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 49 - Invalid Credentials]

The authentication property is possibly incorrect. Check the password.
java.sql.SQLException: Exception class javax.naming.NameNotFoundException occurred saying: [LDAP: error code 32 - No Such Object].

The LDAP tree entry point is possibly incorrect. Check the target DistinguishedName in the LDAP URL.
java.sql.SQLException: No suitable driver

This error message indicates that the driver is unable to process the URL is registered. The JDBC URL is probably incorrect. Check that the URL syntax is valid. See Installation and Configuration.