Skip Headers
Oracle® Fusion Middleware Connectivity and Knowledge Modules Guide for Oracle Data Integrator
11g Release 1 (11.1.1)

Part Number E12644-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

26 LDAP Directories

This chapter describes how to work with LDAP directories in Oracle Data Integrator.

This chapter includes the following sections:

26.1 Introduction

Oracle Data Integrator supports LDAP directories integration using the Oracle Data Integrator Driver for LDAP.

26.1.1 Concepts

The LDAP concepts map the Oracle Data Integrator concepts as follows: An LDAP directory tree, more specifically the entry point to this LDAP tree, corresponds to a data server in Oracle Data Integrator. Within this data server, a single schema maps the content of the LDAP directory tree.

The Oracle Data Integrator Driver for LDAP (LDAP driver) loads the hierarchical structure of the LDAP tree into a relational schema. This relational schema is a set of tables that can be queried or modified using standard SQL statements.

The relational schema is reverse-engineered as a data model in ODI, with tables, columns, and constraints. This model is used like a normal relational data model in ODI. Any changes performed in the relational schema data (insert/update) is immediately impacted by the driver in the LDAP data.

See Appendix A, "Oracle Data Integrator Driver for LDAP Reference" for more information on this driver.

26.1.2 Knowledge Modules

Oracle Data Integrator does not provide specific Knowledge Modules (KM) for the LDAP technology. You can use LDAP as a SQL data server. LDAP data servers support both the technology-specific KMs sourcing or targeting SQL data servers, as well as the generic KMs. See Chapter 4, "Generic SQL" or the technology chapters for more information on these KMs.

26.2 Installation and Configuration

Make sure you have read the information in this section before you start working with the LDAP technology.

26.2.1 System Requirements

Before performing any installation you should read the system requirements and certification documentation to ensure that your environment meets the minimum installation requirements for the products you are installing.

The list of supported platforms and versions is available on Oracle Technical Network (OTN):

http://www.oracle.com/technology/products/oracle-data-integrator/index.html.

26.2.2 Technologic Specific Requirements

There are no technology-specific requirements for using LDAP directories in Oracle Data Integrator.

26.2.3 Connectivity Requirements

This section lists the requirements for connecting to LDAP database.

Oracle Data Integrator Driver for LDAP

LDAP directories are accessed through the Oracle Data Integrator Driver for LDAP. This JDBC driver is installed with Oracle Data Integrator.

To connect to an LDAP directory you must ask the system administrator for the following connection information:

  • The URL to connect to the directory

  • The User and Password to connect to the directory

  • The Base Distinguished Name (Base DN). This is the location in the LDAP tree that ODI will access.

You may also require a connection to the Reference LDAP Tree structure and to an External Storage database for the driver. See Appendix B, "Oracle Data Integrator Driver for XML Reference" for more information on these concepts and configuration parameters.

26.3 Setting up the Topology

Setting up the topology consists in:

  1. Creating an LDAP Data Server

  2. Creating a Physical Schema for LDAP

26.3.1 Creating an LDAP Data Server

An LDAP data server corresponds to an LDAP tree that is accessible to Oracle Data Integrator.

26.3.1.1 Creation of the Data Server

Create a data server for the LDAP technology using the standard procedure, as described in "Creating a Data Server" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator. This section details only the fields required or specific for defining a LDAP data server:

  1. In the Definition tab:

    • Name: Name of the data server that will appear in Oracle Data Integrator.

    • User/Password: Name and password of the LDAP directory user.

  2. In the JDBC tab, enter the values according to the driver used:

    • JDBC Driver: com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver

    • JDBC URL: The driver supports two URL formats:

      • jdbc:snps:ldap?<property>=<value>[&<property>=<value>...]

      • jdbc:snps:ldap2?<property>=<value>[&<property>=<value>...]

      These two URLs accept the key properties listed in Table 26-1. See Appendix A, "Driver Configuration" for a detailed description of these properties and for a comprehensive list of all JDBC driver properties.

      Note:

      The first URL requires the LDAP directory password to be encoded. The second URL allows you to give the LDAP directory password without encoding it. It is recommended to use the first URL to secure the LDAP directory password.

    Table 26-1 JDBC Driver Properties

    Property Value Notes

    ldap_auth

    <authentication mode>

    LDAP Directory authentication method. See the auth property in Table A-1

    ldap_url

    <LDAP URL>

    LDAP Directory URL. See the url property in Table A-1

    ldap_user

    <LDAP user name>

    LDAP Directory user name. See the user property in Table A-1

    ldap_password

    <LDAP user password>

    LDAP Directory user password. This password must be encoded if using the jdbc:snps:ldap URL syntax.

    See the password property in Table A-1

    lldap_basedn

    <base DN>

    LDAP Directory basedn. See the basedn property in Table A-1


URL Examples

To connect an Oracle Internet Directory on server OHOST_OID and port 3060, using the user orcladmin, and accessing this directory tree from the basedn dc=us,dc=oracle,dc=com you can use the following URL:

jdbc:snps:ldap?ldap_url=ldap://OHOST_OID:3060/
&ldap_basedn=dc=us,dc=oracle,dc=com

&ldap_password=ENCODED_PASSWORD

&ldap_user=cn=orcladmin

26.3.2 Creating a Physical Schema for LDAP

Create an LDAP physical schema using the standard procedure, as described in "Creating a Physical Schema" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

Create for this physical schema a logical schema using the standard procedure, as described in "Creating a Logical Schema" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator and associate it in a given context.

26.4 Setting Up an Integration Project

Setting up a Project using the LDAP database follows the standard procedure. See "Creating an Integration Project" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

The recommended knowledge modules to import into your project for getting started are the following:

26.5 Creating and Reverse-Engineering an LDAP Directory

This section contains the following topics:

26.5.1 Create an LDAP Model

A data model groups a set of datastores. Each datastore represents in the context of a directory a class or group of classes. Typically, classes are mapped to tables and attributes to column. See Appendix A, "LDAP to Relational Mapping" for more information.

Create an LDAP Model using the standard procedure, as described in "Creating a Model" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

26.5.2 Reverse-Engineering an LDAP Model

LDAP supports standard reverse-engineering, which uses only the abilities of the LDAP driver.

When the reverse-engineering process of the LDAP driver translates the LDAP tree into a relational database structure, it constructs tables from sets of objects in the tree.

The names of these tables must reflect this original structure in order to maintain the mapping between the two. As a result, the table names are composed of the original LDAP object names that may be extremely long and not appropriate as datastore names in integration interfaces.

The solution consists in creating an alias file that contains a list of short and clear table name aliases. See Appendix A, "Table Aliases Configuration" for more information.

Standard Reverse-Engineering

To perform a Standard Reverse-Engineering on LDAP use the usual procedure, as described in "Reverse-engineering a Model" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

The standard reverse-engineering process will automatically map the LDAP tree contents to a relational database structure. Note that these tables automatically include primary key and foreign key columns to map the directory hierarchy.

The reverse-engineering process also creates a ROOT table that represents the root of the LDAP tree structure from the LDAP entry point downwards.

See Appendix A, "LDAP Processing Overview" for more information.

26.6 Designing an Interface

You can use LDAP entries as a source or a target of an integration interface.

The KM choice for an interface or a check determines the abilities and performances of this interface or check. The recommendations in this section help in the selection of the KM for different situations concerning an LDAP data server.

26.6.1 Loading Data from and to LDAP

An LDAP directory can be used as an interface's source or target. The LKM choice in the Interface Flow tab that is used to load data between LDAP entries and other types of data servers is essential for the performance of the interface.

26.6.1.1 Loading Data from an LDAP Directory

Use the Generic SQL KMs or the KMs specific to the other technology involved to load data from an LDAP database to a target or staging area database.

Table 26-2 lists some examples of KMs that you can use to load from an LDAP source to a staging area.

Table 26-2 KMs to Load from LDAP to a Staging Area

Staging Area KM Notes

Microsoft SQL Server

LKM SQL to MSSQL (BULK)

Uses SQL Server's bulk loader.

Oracle

LKM SQL to Oracle

Faster than the Generic LKM (Uses Statistics)

Sybase

LKM SQL to Sybase ASE (BCP)

Uses Sybase's bulk loader.

All

LKM SQL to SQL

Generic KM


26.6.1.2 Loading Data to an LDAP Directory

It is not advised to use an LDAP directory as a staging area.

26.6.2 Integrating Data in an LDAP Directory

LDAP can be used as a target of an interface. The IKM choice in the Interface Flow tab determines the performances and possibilities for integrating.

Use the Generic SQL KMs or the KMs specific to the other technology involved to integrate data in an LDAP directory.

Table 26-3 lists some examples of KMs that you can use to integrate data from a staging area to an LDAP target.

Table 26-3 KMs to Integrate Data in an LDAP Directory

Mode KM Notes

Append

IKM SQL to SQL Append

Generic KM


26.7 Troubleshooting

This section provides information on how to troubleshoot problems that you might encounter when using LDAP in Oracle Data Integrator. It contains the following topics: