Depending on the data that is going to be read, SQL queries performed via SQLCreator or SQLExecutor often produce a better result than the LDAP Reader. Due to the ability to specify search scope, SELECT queries may look a little different from the average SQL.
Here is the basic structure (taken from https://myvd.sourceforge.net/bridge.html):
SELECT <*|DN|attribute1,attribute2,...,attributeX> FROM <scope>;<searchBase> [WHERE <whereClause>]
The first part denotes the attributes to be read:
- DN – Returns Distinguished Name.
- * – Returns all attributes of all nodes within the search scope. If your node contains various object classes with unrelated attributes, this will return them all.
- attribute1,attribute2,... – List of attributes to be returned.
The second part denotes the search scope. Following are the valid values:
- objectScope – Returns selected attributes only from the node from which you're searching.
- oneLevelScope – Returns results from the node you’re searching from and its immediate children.
- subTreeScope – Returns results from the node you’re searching from and all its descendants.
The third part is <searchBase> – The node that you’re searching from, in Distinguished Name format. Example: dc=domain,dc=com.
The fourth part is the WHERE clause. The WHERE clause uses SQL notation, not LDAP. Here’s how some LDAP filters can be represented using SQL notation:
|
Filter Type |
LDAP Filter |
SQL WHERE Clause |
|---|---|---|
|
Equality |
(cn=Some User) |
... WHERE cn = 'Some User' |
|
Partial |
(cn=Marc*) |
... WHERE cn LIKE 'Marc%' |
|
Presence |
(cn=*) |
... WHERE cn IS NOT NULL |
|
And |
(&(cn=Some User)(sn=User)) |
... WHERE cn = 'Some User' AND sn = 'User' |
|
Or |
(|(cn=Some User)(sn=User)) |
... WHERE cn = 'Some User' OR sn = 'User' |
|
Not |
(!(sn=User)) |
... WHERE NOT sn = 'User' |
Multi-Valued Attributes
In case any of the attributes are multi-valued, their values are concatenated into a single field using the pattern [value1][value2][value3].
Handling Large Result Sets
If you’re expecting a large result set to be returned by your searches, either via LDAP/ActiveDirectory Reader or by SQL queries, you may exceed the MaxPageSize policy in your LDAP server and run into a “Sizelimit exceeded” error message. To overcome this, you’ll need to increase the MaxPageSize policy in your LDAP server.
Here’s how to do this in an Active Directory server:
| 1. | Log in as an LDAP admin in the domain controller, open Start menu > Run > ntdsutil.exe. |
| 2. | In the command prompt, under ntdsutil.exe, type LDAP policies and press Enter. |
| 3. | At the ldap policy command prompt, type connections. |
| 4. | At the server connections prompt, type connect to server <DNS name of server>. |
| 5. | Exit the server connections prompt by typing q. |
| 6. | Back on ldap policy command prompt, type show values to view the current ldap policy values. |
| 7. | From the ldap policy command prompt, type Set MaxPageSize to x, where x is the new desired limit. |
| 8. | To save changes, type commit changes. |
| 9. | To quit ldap policy, type q. |
| 10. | To quit NtdsUtil.exe, type q. |