This chapter includes the following sections:
Oracle Data Integrator supports LDAP directories integration using the Oracle Data Integrator Driver for LDAP.
The LDAP concepts map the Oracle Data Integrator concepts as follows: An LDAP directory tree, more specifically the entry point to this LDAP tree, corresponds to a data server in Oracle Data Integrator. Within this data server, a single schema maps the content of the LDAP directory tree.
The Oracle Data Integrator Driver for LDAP (LDAP driver) loads the hierarchical structure of the LDAP tree into a relational schema. This relational schema is a set of tables that can be queried or modified using standard SQL statements.
Note:ODI LDAP driver's support for LDAP servers is limited. All the features of the driver may not work on any given instance of an LDAP server. ODI uses Java JNDI API to interact with the LDAP servers. If the LDAP server adheres exactly with LDAP specifications, then driver features will work. Otherwise, some of the features may not work.
The relational schema is reverse-engineered as a data model in ODI, with tables, columns, and constraints. This model is used like a normal relational data model in ODI. Any changes performed in the relational schema data (insert/update) is immediately impacted by the driver in the LDAP data.
See Oracle Data Integrator Driver for LDAP Reference for more information on this driver.
Oracle Data Integrator does not provide specific Knowledge Modules (KM) for the LDAP technology. You can use LDAP as a SQL data server. LDAP data servers support both the technology-specific KMs sourcing or targeting SQL data servers, as well as the generic KMs. See Generic SQL or the technology chapters for more information on these KMs.
Installation and Configuration
Make sure you have read the information in this section before you start working with the LDAP technology.
Before performing any installation you should read the system requirements and certification documentation to ensure that your environment meets the minimum installation requirements for the products you are installing.
The list of supported platforms and versions is available on Oracle Technical Network (OTN):
Technologic Specific Requirements
There are no technology-specific requirements for using LDAP directories in Oracle Data Integrator.
This section lists the requirements for connecting to LDAP database.
Oracle Data Integrator Driver for LDAP
LDAP directories are accessed through the Oracle Data Integrator Driver for LDAP. This JDBC driver is installed with Oracle Data Integrator.
To connect to an LDAP directory you must ask the system administrator for the following connection information:
The URL to connect to the directory
The User and Password to connect to the directory
The Base Distinguished Name (Base DN). This is the location in the LDAP tree that ODI will access.
You may also require a connection to the Reference LDAP Tree structure and to an External Storage database for the driver. See Oracle Data Integrator Driver for XML Reference for more information on these concepts and configuration parameters.
Setting up the Topology
Setting up the topology consists in:
Creating an LDAP Data Server
An LDAP data server corresponds to an LDAP tree that is accessible to Oracle Data Integrator.
Creation of the Data Server
Create a data server for the LDAP technology using the standard procedure, as described in Creating a Data Server of Administering Oracle Data Integrator. This section details only the fields required or specific for defining a LDAP data server:
- In the Definition tab:
Name: Name of the data server that will appear in Oracle Data Integrator.
User/Password: Name and password of the LDAP directory user.
- In the JDBC tab, enter the values according to the driver used:
JDBC URL: The driver supports two URL formats:
The first URL requires the LDAP directory password to be encoded. The second URL allows you to give the LDAP directory password without encoding it. It is recommended to use the first URL to secure the LDAP directory password.
Table 26-1 JDBC URL Properties
Property Value Notes
LDAP Directory authentication method. See the
authproperty in Table A-1
LDAP Directory URL. The URL must not contain spaces. If there are spaces in the URL, replace them with %20.
urlproperty in Table A-1
<LDAP user name>
LDAP Directory user name. See the
userproperty in Table A-1
<LDAP user password>
LDAP Directory user password. This password must be encoded if using the jdbc:snps:ldap URL syntax.
passwordproperty in Table A-1
LDAP Directory basedn. The basedn must not contain spaces. If there are spaces in the basedn, replace them with %20.
basednproperty in Table A-1
Example 26-1 URL Examples
To connect an Oracle Internet Directory on server
OHOST_OID and port
3060, using the user
orcladmin, and accessing this directory tree from the basedn
dc=us,dc=oracle,dc=com you can use the following URL:
jdbc:snps:ldap?ldap_url=ldap://OHOST_OID:3060/ &ldap_basedn=dc=us,dc=oracle,dc=com &ldap_password=ENCODED_PASSWORD &ldap_user=cn=orcladmin
Creating a Physical Schema for LDAP
Create an LDAP physical schema using the standard procedure, as described in Creating a Physical Schema in Administering Oracle Data Integrator.
Create for this physical schema a logical schema using the standard procedure, as described in Creating a Logical Schema in Administering Oracle Data Integrator and associate it in a given context.
Setting Up an Integration Project
Setting up a Project using the LDAP database follows the standard procedure. See Creating an Integration Project of Developing Integration Projects with Oracle Data Integrator.
The recommended knowledge modules to import into your project for getting started are the following:
LKM SQL to SQL
LKM File to SQL
IKM SQL Control Append
Creating and Reverse-Engineering an LDAP Directory
Create an LDAP Model
A data model groups a set of datastores. Each datastore represents in the context of a directory a class or group of classes. Typically, classes are mapped to tables and attributes to column. See LDAP to Relational Mapping for more information.
Create an LDAP Model using the standard procedure, as described in Creating a Model of Developing Integration Projects with Oracle Data Integrator.
Reverse-Engineering an LDAP Model
LDAP supports standard reverse-engineering, which uses only the abilities of the LDAP driver.
When the reverse-engineering process of the LDAP driver translates the LDAP tree into a relational database structure, it constructs tables from sets of objects in the tree.
The names of these tables must reflect this original structure in order to maintain the mapping between the two. As a result, the table names are composed of the original LDAP object names that may be extremely long and not appropriate as datastore names in mappings.
The solution consists in creating an alias file that contains a list of short and clear table name aliases. See Table Aliases Configuration for more information.
To perform a Standard Reverse-Engineering on LDAP use the usual procedure, as described in Reverse-engineering a Model of Developing Integration Projects with Oracle Data Integrator.
The standard reverse-engineering process will automatically map the LDAP tree contents to a relational database structure. Note that these tables automatically include primary key and foreign key columns to map the directory hierarchy.
The reverse-engineering process also creates a ROOT table that represents the root of the LDAP tree structure from the LDAP entry point downwards.
See LDAP Processing Overview for more information.
Designing a Mapping
You can use LDAP entries as a source or a target of a mapping.
The KM choice for a mapping or a check determines the abilities and performances of this mapping or check. The recommendations in this section help in the selection of the KM for different situations concerning an LDAP data server.
Loading Data from and to LDAP
An LDAP directory can be used as a mapping's source or target. The LKM choice in the Loading Knowledge Module tab that is used to load data between LDAP entries and other types of data servers is essential for the performance of the mapping.
Loading Data from an LDAP Directory
Use the Generic SQL KMs or the KMs specific to the other technology involved to load data from an LDAP database to a target or staging area database.
Table 26-2 lists some examples of KMs that you can use to load from an LDAP source to a staging area.
Table 26-2 KMs to Load from LDAP to a Staging Area
Microsoft SQL Server
LKM SQL to MSSQL (BULK)
Uses SQL Server's bulk loader.
LKM SQL to Oracle
Faster than the Generic LKM (Uses Statistics)
LKM SQL to Sybase ASE (BCP)
Uses Sybase's bulk loader.
LKM SQL to SQL
Integrating Data in an LDAP Directory
LDAP can be used as a target of a mapping. The IKM choice in the Integration Knowledge Module tab determines the performances and possibilities for integrating.
Use the Generic SQL KMs or the KMs specific to the other technology involved to integrate data in an LDAP directory.
Table 26-3 lists some examples of KMs that you can use to integrate data from a staging area to an LDAP target.
Table 26-3 KMs to Integrate Data in an LDAP Directory
IKM SQL to SQL Append
This section provides information on how to troubleshoot problems that you might encounter when using LDAP in Oracle Data Integrator. It contains the following topics:
SQL operations (insert, update, delete) performed on the relational model are not propagated to the LDAP directory.
You are probably using an external RDBMS to store your relational model.
java.util.MissingResourceException: Can't find bundle for base name ldap_....
The property bundle file is missing, present in the incorrect directory or the filename is incorrect.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 32 ....
The connection property bundle is possibly incorrect. Check the property values in the bundle files.
java.sql.SQLException: A NamingException occurred saying: [LDAP: error code 49 - Invalid Credentials]
The authentication property is possibly incorrect. Check the password.
java.sql.SQLException: Exception class javax.naming.NameNotFoundException occurred saying: [LDAP: error code 32 - No Such Object].
The LDAP tree entry point is possibly incorrect. Check the target DistinguishedName in the LDAP URL.
java.sql.SQLException: No suitable driver
This error message indicates that the driver is unable to process the URL is registered. The JDBC URL is probably incorrect. Check that the URL syntax is valid. See Installation and Configuration.