Data Storage and Retrieval on LDAP

LDAP differs substantially in structure from traditional relational databases.

Consider the following factors when retrieving or writing data to an LDAP server:

  • Only fixed-length string data can be accessed via the LDAP connector. Variable-length data, or strings longer than 255 characters, are truncated to a length of 255 characters. Binary data cannot be accessed.
  • The LDAP connector does not support overflow tables, so fields must not be formatted as C* or R*.
  • LDAP does not support entity names. A Uniface entity is no more than a grouping of fields to LDAP. It is always necessary to specify a retrieve profile that limits the amount of data retrieved. For more information, see Map LDAP Entries to Uniface Entities.

    It is also possible to restrict the search scope in the assignment settings by using the searchscope connector option.

  • An incorrect retrieve profile can return data that is not relevant; if this data does not have all the fields of the Uniface entity, these fields are treated as empty. As this is correct retrieval behavior for LDAP, it does not generate an error unless mandatory fields are retrieved as ‘empty’.
  • Multi-valued fields from an LDAP server are retrieved by Uniface in a <GOLD>& separated format. Multi-valued fields should also be written to the database in this format.
  • The LDAP protocol and the LDAP connector are case-insensitive. For example, a user could log on as ACLARKE or aClarke, because LDAP does not differentiate between these two strings. However, the majority of databases are case-sensitive:
    • Use $user with caution when authorizing users with an LDAP database.
    • When passing user information stored in an LDAP database to a case-sensitive database, always explicitly regularize the case. For example, convert all user names to uppercase when storing user information in an INFORMIX database. User information can then be retrieved from INFORMIX by converting the information in $user to uppercase:
      uppercase $user, $CAPSUSER$
      read u_where (NAMES_USERS.CUSTOMERS = $CAPSUSER$)
      

      Tip: To have the connector write all entry and attribute names in lowercase, set the option identifier case to lower.

  • The LDP OpenLDAP connector does not support sorting on more than one entry, so order by clauses are limited to one field only.
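
The case-handling advice above, as an added example (not part of the original Uniface documentation): it shows why an LDAP-authenticated name must be regularized before it is used for authorization in a case-sensitive database. An in-memory SQLite table stands in for the INFORMIX table on the page; the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: (NAMES_USERS, role). The two BJONES rows differ only by case.
SAMPLE_ROWS = [("ACLARKE", "clerk"), ("BJONES", "admin"), ("bjones", "guest")]

def canonical(user: str) -> str:
    """Regularize case the way the page advises: store and compare in uppercase."""
    return user.strip().upper()

def build_db(rows):
    """Case-sensitive stand-in database (SQLite compares TEXT byte-for-byte by default)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (names_users TEXT, role TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", rows)
    return db

def role_naive(db, ldap_user):
    """Authorization lookup using the name exactly as typed at LDAP logon."""
    row = db.execute(
        "SELECT role FROM customers WHERE names_users = ?", (ldap_user,)
    ).fetchone()
    return row[0] if row else None

def role_normalized(db, ldap_user):
    """Lookup after regularizing case; refuses to pick between case-variant rows."""
    rows = db.execute(
        "SELECT role FROM customers WHERE UPPER(names_users) = ?",
        (canonical(ldap_user),),
    ).fetchall()
    if len(rows) > 1:
        raise LookupError("case-variant duplicates for " + canonical(ldap_user))
    return rows[0][0] if rows else None

def case_collisions(db):
    """Audit: names that LDAP treats as one identity but the database stores as several."""
    query = (
        "SELECT UPPER(names_users) FROM customers "
        "GROUP BY UPPER(names_users) HAVING COUNT(*) > 1 ORDER BY 1"
    )
    return [r[0] for r in db.execute(query)]

if __name__ == "__main__":
    db = build_db(SAMPLE_ROWS)
    print("naive aClarke      ->", role_naive(db, "aClarke"))
    print("normalized aClarke ->", role_normalized(db, "aClarke"))
    print("naive bjones/BJONES->", role_naive(db, "bjones"), role_naive(db, "BJONES"))
    print("collisions to fix  ->", case_collisions(db))
```

Running the audit query before LDAP logon is enabled surfaces rows that must be merged or renamed, since a single LDAP identity would otherwise map to different rights depending on how the name was typed.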
