Data Storage and Retrieval on LDAP
LDAP differs substantially in structure from traditional relational databases.
Consider the following factors when retrieving or writing data to an LDAP server:
- Only fixed-length string data can be accessed via the LDAP connector. Variable-length data, or strings longer than 255 characters, are truncated to a length of 255 characters. Binary data cannot be accessed.
- The LDAP connector does not support overflow tables, so fields must not be formatted as C* or R*.
- LDAP does not support entity names. A Uniface entity is no more than a grouping of
fields to LDAP. It is always necessary to specify a retrieve profile that limits the amount of data
retrieved. For more information, see Map LDAP Entries to Uniface Entities.
It is also possible to restrict search scope using assignment settings using the searchscope connector option. .
- An incorrect retrieve profile can return data that is not relevant; if this data does not have all the fields of the Uniface entity, these fields are treated as empty. As this is correct retrieval behavior for LDAP, it does not generate an error unless mandatory fields are retrieved as ‘empty’.
- Multi-valued fields from an LDAP server are retrieved by Uniface in a
<GOLD>&
separated format. Multi-valued fields should also be written to the database in this format. - The LDAP protocol and the LDAP connector are case-insensitive. For example, a user
could log on as
ACLARKE
oraClarke
, because LDAP does not differentiate between these two strings. However, the majority of databases are case-sensitive:- Use $user with caution when authorizing users with an LDAP database.
- When passing user information stored in an LDAP database to a case-sensitive
database, always explicitly regularize the case. For example, convert all user names to uppercase
when storing user information in an INFORMIX database. User information can then be retrieved from
INFORMIX by converting the information in $user to uppercase:
uppercase $user, $CAPSUSER$ read u_where (NAMES_USERS.CUSTOMERS = $CAPSUSER$)
Tip: To have the connector write all entry and attribute names in lowercase, set the option identifier case to
lower
.
- The LDP OpenLDAP connector does not support sorting on more than one entry, so
order by
clauses are limited to one field only.