LDAP data source

An LDAP data source allows you to query an external LDAP directory within Matrix, returning LDAP groups and users as shadow assets within your system.

The LDAP information returned can then be accessed through keyword replacements for use on your site, such as listing LDAP user information on an asset listing page.

Once you have created your LDAP data source, you can configure the asset on its associated screens. Many of these screens are similar to a standard page. They are described in the Asset screens documentation.

Read the DB data source documentation for more information on the Record filter screen

This documentation will describe the Details, Search filter, and Dynamic inputs screens, which are different for an LDAP data source.

Details screen

The Details screen for an LDAP data source allows you to set up the connection details for the external LDAP database.

Read the Asset screens documentation for more information about the Status, Future status, Thumbnail, and Details sections of the Details screen.

LDAP bridge connection details

The LDAP bridge connection details section allows you to enter the settings for the LDAP directory to which you want to connect.

The fields in this section are similar to those on the Details screen of an LDAP bridge asset.

Use an LDAP bridge asset

The use of an LDAP bridge asset section allows you to select an existing LDAP directory connection within your system (through an LDAP bridge asset) rather than configuring the connection within the LDAP data source.

In the LDAP bridge asset field, select an LDAP bridge asset to connect to the external LDAP directory.

If this option is used, the settings in the LDAP bridge connection details section will have no effect.

Search filter screen

The search filter screen is used to enter the LDAP query run on the LDAP database specified on the Details screen.

LDAP search filter

The LDAP search filter section allows you to enter the LDAP query to filter the results returned from the LDAP database.

Enter the search filter into the search filter query field and click Save.

Shadow assets will be displayed under the LDAP data source in the asset tree.

Shadow assets in the asset tree

Read the Shadow assets documentation for more information on shadow assets.

You can specify how these assets are sorted by entering a value in the sort by field. For example, entering uidnumber would sort any returned LDAP users by their user ID numbers.

The attributes to extract field allows you to specify the attribute information to extract from the connected LDAP directory. These attributes are specified as a comma-separated list, for example:

objectclass, uidnumber, givenname, description

If no attributes are specified in this field, all attributes will be returned on the LDAP data source.

Similarly, the binary attributes to extract field defines the attribute information to extract from the connected LDAP directory that should be recognized as binary data. These attributes are specified as a comma-separated list in the same manner as the attributes to extract field.

Matrix will identify extracted data from the attributes specified in this field as binary. This information can then be reused within the system through the use of keyword replacements. Read the Available keywords section below for more information.

Record set asset names

The record set asset names section allows you to specify the shadow assets that appear under the LDAP data source in the asset tree.

In the record set asset names field, enter the name used for record sets exposed by the LDAP data source. This name can either be a standard string or a combination of strings and keyword replacements. For example, you can enter %data_source_record_set_givenname% to display the given name of the LDAP user/group as the name of your shadow assets.

Renamed shadow assets

Available keywords

This section provides a list of available keyword replacements for the shadow assets exposed by the LDAP data source. You can use any combination of these keyword replacements as the name of the shadow assets, as configured in the Record set asset names field. These keyword replacements can also be used to print LDAP information on your site, for example, on an asset listing page.

Dynamic inputs screen

The dynamic inputs screen allows you to use dynamic parameters within the LDAP search filter query string.

Dynamic variables

This section allows you to add variable names for the parameters that you want to add.

Enter the variable name into the name field, enter the default value into the default value field and click Save. The variable will be added to the list.

An example dynamic variable

Once you have added a variable, you can set it up within the data mappings section.

To delete a variable:

  1. Click the Delete box.

  2. Click Save.

To use the variable within the LDAP search filter query string, add double-percentage signs around the variable name. For example, if the variable’s name is variable, add %%variable%% within the search filter query field on the search filter screen.

Variable names are case sensitive, so, for example, Variable is not the same as variable.

Data mappings

This section allows you to set up the dynamic variables that have been added in the section above.

Select which variable to edit from the parameter list and select a source from the source list. Read the Asset listing documentation for more information about the options in the list.

© 2015- Squiz Pty Ltd