LDAP (Input Agent cron)

The Lightweight Directory Access Protocol (LDAP) is a network protocol for querying and modifying information on distributed directory services over an IP network. See also section LDAP (add-on).

Settings


(1) LDAP alias: Selection of a defined LDAP alias. See also section LDAP connection.

(2) Gear icon on the right: Generates a matching source structure automatically and lets you test the LDAP query.

(3) Base DN: The Base DN (DN = distinguished name) defines the point in the directory tree from which the downward search for objects starts. Example: "dc=Lobster,dc=com".

(4) Search depth: The scope of the search: Object (exactly this object), One layer (the layer below the Base DN) or Tree (this object and everything below).

(5) Search: The search filter (in LDAP syntax). Example: "cn=Max*".

(6) Read fields only: The attributes to be returned can be specified explicitly. If left blank, all attributes are returned. Example: "SN,CN,OU".

(7) Max hits: Limits the maximum number of results to be returned. Value 0 means no restriction.

Important note: The maximum number of results (the number of found objects) is often limited on the server itself, so a larger value specified in (7) does not apply. Paging handles this. To use paging, set the option <Set name="pageSize">500</Set> in the configuration file ./etc/ldap.xml for each desired alias (the value 500 is just an example). Searches are then handled similarly to a database cursor. If, for example, 1200 results are found, pages with 500, 500 and 200 objects are reported. The LdapService retrieves pages until there are none left. As a result, more results than the maximum number specified on the server can be picked up.
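The paging behaviour described in (7), as an added illustration that is not Lobster_data's own code: a constructed in-memory directory with an assumed server-side limit of 1000 truncates an unpaged search, while a cookie-driven paged search with page size 500 returns all 1200 hits as pages of 500, 500 and 200. `ToyDirectory`, `paged_search`, `demo` and the limit value are hypothetical names and values chosen for the example.

```python
# Added illustration: a toy in-memory directory, not the product's LdapService.
SERVER_SIZE_LIMIT = 1000  # assumed server-side cap on one unpaged search


class ToyDirectory:
    """Constructed stand-in for an LDAP server with a size limit and paging."""

    def __init__(self, entries):
        self.entries = entries

    def search(self, prefix, page_size=0, cookie=b""):
        """Return (entries, cookie); an empty cookie means nothing is left."""
        hits = [e for e in self.entries if e["cn"].startswith(prefix)]
        if page_size == 0:
            # Unpaged search: the server truncates at its own limit,
            # whatever the client asked for in "Max hits".
            return hits[:SERVER_SIZE_LIMIT], b""
        # Paged search: the cookie is opaque to the client. This toy server
        # stores the next offset in it, much like a database cursor position.
        start = int(cookie or b"0")
        page = hits[start:start + page_size]
        nxt = start + len(page)
        return page, (str(nxt).encode() if nxt < len(hits) else b"")


def paged_search(directory, prefix, page_size):
    """Retrieve pages until the server signals that none are left."""
    pages, cookie = [], b""
    while True:
        page, cookie = directory.search(prefix, page_size, cookie)
        pages.append(page)
        if not cookie:
            return pages


def demo():
    # Constructed sample data: 1200 entries matching "Max", one that does not.
    entries = [{"cn": f"Max{i:04d}"} for i in range(1200)] + [{"cn": "Eva"}]
    directory = ToyDirectory(entries)
    unpaged, _ = directory.search("Max")
    paged = paged_search(directory, "Max", 500)
    return len(unpaged), [len(p) for p in paged]


if __name__ == "__main__":
    print(demo())
```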