LDAP Data Source
Last Updated: 05 Jul 2016
An LDAP Data Source allows you to query an external LDAP directory within Squiz Matrix, returning LDAP groups and users as shadow assets within your system. The LDAP information returned can then be accessed via keyword replacements for use on your Site, for example, to list LDAP user information on an Asset Listing Page.
Bookmarks to the headings on this page:
Once you have created your LDAP Data Source, you can configure the asset on its associated screens. Many of these screens are the same or similar to those for a Standard Page and are described in the Asset Screens manual. For more information on the Record Filter screen, refer to the DB Data Source chapter in this manual.
In this chapter we will describe the Details, Search Filter and Dynamic Inputs screens, which are different for an LDAP Data Source.
Details Screen
The Details screen for an LDAP Data Source allows you to setup the connection details for the external LDAP database. For more information about the Status, Future Status, Thumbnail and Details sections of the Details screen, refer to the Details Screen chapter in the Asset Screens manual.
LDAP Bridge Connection Details
The LDAP Bridge Connection Details section allows you to enter the settings for the LDAP directory that you want to connect to.
The fields in this section are similar to those on the Details screen of an LDAP Bridge asset. For more information, refer to the Details Screen chapter in the LDAP manual.
Use an LDAP Bridge Asset
The Use an LDAP Bridge Asset section allows you to select an existing LDAP directory connection within your system (via an LDAP Bridge asset) rather than configuring the connection within the LDAP Data Source.
In the LDAP Bridge Asset field, select an LDAP Bridge asset to use as the connection to the external LDAP directory. Please note that if this option is used, the settings in the LDAP Bridge Connection Details section will have no effect.
Search Filter Screen
The Search Filter screen is used to enter the LDAP query that will be run on the LDAP database specified on the Details screen.
LDAP Search Filter
The LDAP Search Filter section allows you to enter the LDAP query to filter the results returned from the LDAP database.
Shadow assets in the Asset Map
Enter the search filter into the Search Filter Query field and click Commit. Shadow assets will be displayed under the LDAP Data Source in the Asset Map, as shown in the figure to the right.
For more information on shadow assets, refer to the Shadow Assets chapter in this manual.
You can specify how these assets are sorted by entering a value in the Sort By field. For example, entering uidnumber would sort any returned LDAP users by their user ID numbers.
The Attributes To Extract field allows you to specify the attribute information to extract from the connected LDAP directory. These attributes are specified as a comma-separated list, for example:
objectclass, uidnumber, givenname, description
If no attributes are specified in this field, all attributes will be returned on the LDAP Data Source.
Similarly, the Binary Attributes To Extract field defines the attribute information to extract from the connected LDAP directory that should be recognised as binary data. These attributes are specified as a comma-separated list, in the same manner as the Attributes To Extract field, as shown in the example above.
Squiz Matrix will identify extracted data from the attributes specified in this field as binary. This information can then be reused within the system through the use of the keyword replacements. For more information refer to the Available Keywords section below.
Record Set Asset Names
The Record Set Asset Names section allows you to specify the name of the Shadow Assets that appear under the LDAP Data Source in the Asset Map.
Renamed shadow assets
In the Record Set Asset Names field, enter the name that should be used for record sets exposed by the LDAP Data Source. This name can either be a normal string or a combination of strings and keyword replacements. For example you can enter %data_source_record_set_givenname% to display the given name of the LDAP user/group as the name of your shadow assets, as shown in the figure to the right.
Available Keywords
This section provides a list of available keyword replacements for the shadow assets exposed by the LDAP Data Source. You can use any combination of these keyword replacements as the name of the shadow assets, as configured in the Record Set Asset Names field. These keyword replacements can also be used to print LDAP information on your Site, for example, on an Asset Listing Page.
Dynamic Inputs Screen
The Dynamic Inputs screen allows you use dynamic parameters within the LDAP search filter query string.
Dynamic Variables
This section allows you to add variable names for the parameters that you want to add.
Enter the variable name into the Name field, enter the default value into the Default Value field and click Commit. The variable will be added to the list, as show in the figure below.
An example dynamic variable
Once you have added a variable, you can set it up within the Data Mappings section. To delete a variable, click the Delete box and click Commit.To use the variable within the LDAP search filter query string, add double-percentage signs around the variable name. For example, if the name of the variable is Variable, add %%Variable%% within the Search Filter Query field on the Search Filter screen. Please note that variable names are case sensitive, so, for example,Variable is not the same as variable.
Data Mappings
This section allows you to set up the dynamic variables that have been added in the section above.
Select which variable to edit from the Parameter list and select a source from the Source list. For more information on the options in the list, refer to the Asset Listing manual.