Oracle® Fusion Middleware Connectivity and Knowledge Modules Guide for Oracle Data Integrator 11g Release 1 (11.1.1) E12644-05
This chapter describes how to work with LDAP directories in Oracle Data Integrator.
This chapter includes the following sections:
Oracle Data Integrator supports LDAP directories integration using the Oracle Data Integrator Driver for LDAP.
LDAP concepts map to Oracle Data Integrator concepts as follows: An LDAP directory tree, more specifically the entry point to this LDAP tree, corresponds to a data server in Oracle Data Integrator. Within this data server, a single schema maps the content of the LDAP directory tree.
The Oracle Data Integrator Driver for LDAP (LDAP driver) loads the hierarchical structure of the LDAP tree into a relational schema. This relational schema is a set of tables that can be queried or modified using standard SQL statements.
The relational schema is reverse-engineered as a data model in ODI, with tables, columns, and constraints. This model is used like a normal relational data model in ODI. Any change made to the data in the relational schema (insert/update) is immediately propagated by the driver to the LDAP data.
See Appendix A, "Oracle Data Integrator Driver for LDAP Reference" for more information on this driver.
Oracle Data Integrator does not provide specific Knowledge Modules (KM) for the LDAP technology. You can use LDAP as a SQL data server. LDAP data servers support both the technology-specific KMs sourcing or targeting SQL data servers, as well as the generic KMs. See Chapter 4, "Generic SQL" or the technology chapters for more information on these KMs.
Make sure you have read the information in this section before you start working with the LDAP technology.
Before performing any installation you should read the system requirements and certification documentation to ensure that your environment meets the minimum installation requirements for the products you are installing.
The list of supported platforms and versions is available on Oracle Technical Network (OTN):
http://www.oracle.com/technology/products/oracle-data-integrator/index.html
There are no technology-specific requirements for using LDAP directories in Oracle Data Integrator.
This section lists the requirements for connecting to an LDAP database.
Oracle Data Integrator Driver for LDAP
LDAP directories are accessed through the Oracle Data Integrator Driver for LDAP. This JDBC driver is installed with Oracle Data Integrator.
To connect to an LDAP directory you must ask the system administrator for the following connection information:
The URL to connect to the directory
The User and Password to connect to the directory
The Base Distinguished Name (Base DN). This is the location in the LDAP tree that ODI will access.
You may also require a connection to the Reference LDAP Tree structure and to an External Storage database for the driver. See Appendix B, "Oracle Data Integrator Driver for XML Reference" for more information on these concepts and configuration parameters.
Setting up the topology consists in:
An LDAP data server corresponds to an LDAP tree that is accessible to Oracle Data Integrator.
Create a data server for the LDAP technology using the standard procedure, as described in "Creating a Data Server" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator. This section details only the fields required or specific for defining an LDAP data server:
In the Definition tab:
Name: Name of the data server that will appear in Oracle Data Integrator.
User/Password: Name and password of the LDAP directory user.
In the JDBC tab, enter the values according to the driver used:
JDBC Driver: com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver
JDBC URL: The driver supports two URL formats:
jdbc:snps:ldap?<property>=<value>[&<property>=<value>...]
jdbc:snps:ldap2?<property>=<value>[&<property>=<value>...]
These two URLs accept the key properties listed in Table 26-1. See Appendix A, "Driver Configuration" for a detailed description of these properties and for a comprehensive list of all JDBC driver properties.
Note: The first URL requires the LDAP directory password to be encoded. The second URL allows you to give the LDAP directory password without encoding it. It is recommended to use the first URL to secure the LDAP directory password.
Table 26-1 JDBC Driver Properties
Property | Value | Notes |
---|---|---|
ldap_auth | <authentication mode> | LDAP Directory authentication method. See the |
ldap_url | <LDAP URL> | LDAP Directory URL. See the |
ldap_user | <LDAP user name> | LDAP Directory user name. See the |
ldap_password | <LDAP user password> | LDAP Directory user password. This password must be encoded if using the jdbc:snps:ldap URL syntax. See the |
ldap_basedn | <base DN> | LDAP Directory basedn. See the |
URL Examples
To connect an Oracle Internet Directory on server OHOST_OID and port 3060, using the user orcladmin, and accessing this directory tree from the basedn dc=us,dc=oracle,dc=com you can use the following URL:
jdbc:snps:ldap?ldap_url=ldap://OHOST_OID:3060/&ldap_basedn=dc=us,dc=oracle,dc=com&ldap_password=ENCODED_PASSWORD&ldap_user=cn=orcladmin
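An added example, not part of the Oracle documentation or the driver: a Python sketch that parses the two URL formats above, flags a jdbc:snps:ldap2 URL that carries ldap_password without encoding, and masks the password before a URL is written to a log. The function names and the `example-secret` value are constructed for illustration, and the check assumes the connection properties are expected in the URL itself.

```python
import re

# Constructed sample URLs: the first is the page's example joined onto one
# line, the second is the same connection in ldap2 form with a dummy password.
PAGE_URL = ("jdbc:snps:ldap?ldap_url=ldap://OHOST_OID:3060/"
            "&ldap_basedn=dc=us,dc=oracle,dc=com"
            "&ldap_password=ENCODED_PASSWORD&ldap_user=cn=orcladmin")
LDAP2_URL = PAGE_URL.replace("jdbc:snps:ldap?", "jdbc:snps:ldap2?").replace(
    "ENCODED_PASSWORD", "example-secret")

URL_RE = re.compile(r"^jdbc:snps:(ldap2?)\?(.*)$")
# Connection details the page says to obtain from the administrator.
EXPECTED = ("ldap_url", "ldap_user", "ldap_password", "ldap_basedn")

def parse_ldap_jdbc_url(url):
    """Split a jdbc:snps:ldap / ldap2 URL into (format, {property: value})."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("not a jdbc:snps:ldap or jdbc:snps:ldap2 URL")
    props = {}
    for pair in filter(None, m.group(2).split("&")):
        # Split on the first '=' only: DN values such as
        # ldap_basedn=dc=us,dc=oracle,dc=com contain '=' themselves.
        name, _, value = pair.partition("=")
        props[name.strip()] = value.strip()
    return m.group(1), props

def audit(url):
    """Hypothetical review helper: list findings for one data server URL."""
    fmt, props = parse_ldap_jdbc_url(url)
    findings = []
    if fmt == "ldap2" and props.get("ldap_password"):
        findings.append("ldap2 format: ldap_password is given without encoding")
    # Absent properties are listed for review only; this sketch assumes they
    # are expected in the URL and does not look anywhere else for them.
    findings += ["not set in URL: " + p for p in EXPECTED if not props.get(p)]
    return findings

def redact(url):
    """Rebuild the URL with the password masked (both formats) for logging."""
    fmt, props = parse_ldap_jdbc_url(url)
    if "ldap_password" in props:
        props["ldap_password"] = "***"
    query = "&".join(name + "=" + value for name, value in props.items())
    return "jdbc:snps:" + fmt + "?" + query

if __name__ == "__main__":
    for sample in (PAGE_URL, LDAP2_URL):
        print(redact(sample), audit(sample))
```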
Create an LDAP physical schema using the standard procedure, as described in "Creating a Physical Schema" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.
Create a logical schema for this physical schema using the standard procedure, as described in "Creating a Logical Schema" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator, and associate it in a given context.
Setting up a Project using the LDAP database follows the standard procedure. See "Creating an Integration Project" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.
The recommended knowledge modules to import into your project for getting started are the following:
LKM SQL to SQL
LKM File to SQL
IKM SQL Control Append
This section contains the following topics:
A data model groups a set of datastores. In the context of a directory, each datastore represents a class or group of classes. Typically, classes are mapped to tables and attributes to columns. See Appendix A, "LDAP to Relational Mapping" for more information.
Create an LDAP Model using the standard procedure, as described in "Creating a Model" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.
LDAP supports standard reverse-engineering, which uses only the abilities of the LDAP driver.
When the reverse-engineering process of the LDAP driver translates the LDAP tree into a relational database structure, it constructs tables from sets of objects in the tree.
The names of these tables must reflect this original structure in order to maintain the mapping between the two. As a result, the table names are composed of the original LDAP object names that may be extremely long and not appropriate as datastore names in integration interfaces.
The solution is to create an alias file that contains a list of short and clear table name aliases. See Appendix A, "Table Aliases Configuration" for more information.
Standard Reverse-Engineering
To perform a Standard Reverse-Engineering on LDAP use the usual procedure, as described in "Reverse-engineering a Model" of the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.
The standard reverse-engineering process will automatically map the LDAP tree contents to a relational database structure. Note that these tables automatically include primary key and foreign key columns to map the directory hierarchy.
The reverse-engineering process also creates a ROOT table that represents the root of the LDAP tree structure from the LDAP entry point downwards.
See Appendix A, "LDAP Processing Overview" for more information.
You can use LDAP entries as a source or a target of an integration interface.
The KM chosen for an interface or a check determines the capabilities and performance of this interface or check. The recommendations in this section help in the selection of the KM for different situations concerning an LDAP data server.
An LDAP directory can be used as an interface's source or target. The LKM choice in the Interface Flow tab that is used to load data between LDAP entries and other types of data servers is essential for the performance of the interface.
Use the Generic SQL KMs or the KMs specific to the other technology involved to load data from an LDAP database to a target or staging area database.
Table 26-2 lists some examples of KMs that you can use to load from an LDAP source to a staging area.
Table 26-2 KMs to Load from LDAP to a Staging Area
Staging Area | KM | Notes |
---|---|---|
Microsoft SQL Server | LKM SQL to MSSQL (BULK) | Uses SQL Server's bulk loader. |
Oracle | LKM SQL to Oracle | Faster than the Generic LKM (Uses Statistics) |
Sybase | LKM SQL to Sybase ASE (BCP) | Uses Sybase's bulk loader. |
All | LKM SQL to SQL | Generic KM |
LDAP can be used as a target of an interface. The IKM chosen in the Interface Flow tab determines the performance and the integration possibilities.
Use the Generic SQL KMs or the KMs specific to the other technology involved to integrate data in an LDAP directory.
Table 26-3 lists some examples of KMs that you can use to integrate data from a staging area to an LDAP target.
This section provides information on how to troubleshoot problems that you might encounter when using LDAP in Oracle Data Integrator. It contains the following topics:
SQL operations (insert, update, delete) performed on the relational model are not propagated to the LDAP directory.
You are probably using an external RDBMS to store your relational model.
java.util.MissingResourceException: Can't find bundle for base name ldap_....
The property bundle file is missing, is in the wrong directory, or has an incorrect filename.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 32 ....
The connection property bundle is possibly incorrect. Check the property values in the bundle files.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 49 - Invalid Credentials]
The authentication property is possibly incorrect. Check the password.
java.sql.SQLException: Exception class javax.naming.NameNotFoundException occurred saying: [LDAP: error code 32 - No Such Object].
The LDAP tree entry point is possibly incorrect. Check the target DistinguishedName in the LDAP URL.
java.sql.SQLException: No suitable driver
This error message indicates that no registered driver is able to process the URL. The JDBC URL is probably incorrect. Check that the URL syntax is valid. See Section A.3, "Installation and Configuration".