LDAP Extract

With the LDAP extract, a query can be executed on an LDAP server, such as Microsoft Active Directory. The following information must be entered for the query:

Settings

Connection: The LDAP connection to run the query against.
Base DN: Base Distinguished Name, the name of the base object entry (or possibly the root) relative to which the search is performed.
Example: uid=user, ou=people, dc=example, dc=com
Scope: Possible values:
  • base: Searches only the entry at the Base DN. Only that entry is returned.
  • one: Searches all entries exactly one level under the Base DN. This doesn't include the Base DN itself.
  • subtree (default): Searches all entries at all levels under and including the specified Base DN.
Object Classes: (optional) Set of object classes used in the search filter. Object classes define collections of attributes. They have to be separated with spaces (" ").
Example: person posixAccount inetOrgPerson

Supplemental classes, such as securityPrincipal, should be additionally specified in the "Object Classes" field with the main class.

Example: user securityPrincipal

Search Filter: (optional) Criteria to use in selecting elements within the scope.
The full syntax of the query can be found here: http://www.faqs.org/rfcs/rfc2254.html
Example: (|(uid=user1)(uid=user2))

When both "Object Classes" and "Search Filter" fields are provided in the LDAP Extract, for example:

<classes>organizationalPerson securityPrincipal</classes>
<query>(postalCode=79098)</query>

then the following final query is built:

(&(postalCode=79098)(|(objectClass=OrganizationalPerson)(objectClass=securityPrincipal)))
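
The combination rule shown above, as an added Python sketch (not the product's own code). The function names are hypothetical; keeping the (|...) wrapper for a single class and falling back to (objectClass=*) when both fields are empty are assumptions, and the name validation and value escaping are additions the page does not describe.

```python
import re

# RFC 4512 descriptor (letter, then letters/digits/hyphens) or a numeric OID.
_CLASS_NAME = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)")


def escape_value(value: str) -> str:
    """Escape filter metacharacters in an assertion value (RFC 2254 section 4)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def is_single_filter(text: str) -> bool:
    """True if text is exactly one parenthesised filter with balanced nesting."""
    if not text.startswith("("):
        return False
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                # The first return to depth 0 must be the final character.
                return i == len(text) - 1
    return False


def build_filter(classes: str = "", query: str = "") -> str:
    """Combine "Object Classes" and "Search Filter" as in the page's example."""
    names = classes.split()
    for name in names:
        if not _CLASS_NAME.fullmatch(name):
            raise ValueError(f"not a valid object class name: {name!r}")
    query = query.strip()
    if query and not is_single_filter(query):
        raise ValueError("search filter must be one balanced (...) expression")
    # Assumption: the (|...) wrapper is kept even for a single class.
    class_part = "(|" + "".join(f"(objectClass={n})" for n in names) + ")" if names else ""
    if query and class_part:
        return f"(&{query}{class_part})"
    # Assumption: with both fields empty, use the match-all presence filter.
    return query or class_part or "(objectClass=*)"


if __name__ == "__main__":
    print(build_filter("organizationalPerson securityPrincipal", "(postalCode=79098)"))
    # Constructed untrusted input: escaping keeps it inside the uid assertion.
    print(build_filter("person", f"(uid={escape_value('a*)(uid=*')})"))
```

Object class names are matched case-insensitively by LDAP servers, so the lowercase `organizationalPerson` produced here is equivalent to the spelling in the query above.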

Alternative names and default values can be assigned for each field of the extract (see Relational Extract).

Below the Settings you have the option to use caching for none (default), memory, or disk. See Caching in Extracts for more information.

Updated April 14, 2025