The TIBCO StreamBase® Adapter for LDAP Connection allows a StreamBase application to connect to an LDAP server.
This section describes the properties you can set for this adapter, using the various tabs of the Properties view in StreamBase Studio.
Property | Description |
---|---|
Connect At Startup | If enabled, the adapter attempts to connect to the LDAP server at system startup. |
Connection Type | The type of connection to create. |
Security Type | The type of security to use for the connection. |
Secure Communication Config | The security communication configuration to use when connecting via SSL or TLS. This value is ignored when is enabled. The configuration must be of SecureCommunicationClientProfile type. See this section for a configuration example. |
Ignore Invalid Certificates | When enabled, any SSL or TLS invalid certificate is treated as valid. Use this option in testing environments only; use in production environments is not recommended. |
Hosts And Ports | The hosts and ports of the LDAP servers to connect to. |
Log Level | Controls the level of verbosity the adapter uses to send notifications to the console. This setting can be higher than the containing application's log level. If set lower, the system log level is used. Available values, in increasing order of verbosity, are: OFF, ERROR, WARN, INFO, DEBUG, TRACE. |
Name: Use this required field to specify or change the name of this instance of this component, which must be unique in the current EventFlow module. The name must contain only alphabetic characters, numbers, and underscores, and no hyphens or other special characters. The first character must be alphabetic or an underscore.
Adapter: A read-only field that shows the formal name of the adapter.
Class name: Shows the fully qualified class name that implements the functionality of this adapter. If you need to reference this class name elsewhere in your application, you can right-click this field and select Copy from the context menu to place the full class name in the system clipboard.
Start with application: If this field is set to Yes (default) or to a module parameter that evaluates to true, this instance of this adapter starts as part of the JVM engine that runs this EventFlow fragment. If this field is set to No or to a module parameter that evaluates to false, the adapter instance is loaded with the engine, but does not start until you send an epadmin container resume command (or its sbadmin equivalent), or until you start the component with StreamBase Manager.
Enable Error Output Port: Select this check box to add an Error Port to this component. In the EventFlow canvas, the Error Port shows as a red output port, always the last port for the component. See Using Error Ports to learn about Error Ports.
Description: Optionally enter text to briefly describe the component's purpose and function. In the EventFlow canvas, you can see the description by pressing Ctrl while the component's tooltip is displayed.
Property | Description |
---|---|
Auth Type | The authentication type to use. |
Bind DN | The bind DN to use when authenticating. |
Password | The password to use when connecting. |
Auth ID | Specifies the authentication ID, which you can use in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Authz ID | Specifies the authorization ID, which you can use in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Config File | Specifies the path to the JAAS config file, which you can use in conjunction with the GSSAPI mechanism. |
Debug | Enables debugging, which you can use in conjunction with the GSSAPI mechanism. |
KDC Address | Specifies the KDC address, which you can use in conjunction with the GSSAPI mechanism. |
Protocol | Specifies the GSSAPI service principal protocol, which you can use in conjunction with the GSSAPI mechanism. |
Quality Of Protection | Specifies the quality of protection that should be used for communication that occurs after the authentication has completed. |
Realm | Specifies the realm name, which you can use in conjunction with the DIGEST-MD5 and GSSAPI mechanisms. |
Require Cache | Indicates whether to require an existing Kerberos session from the ticket cache, which you can use in conjunction with the GSSAPI mechanism. |
Renew TGT | Indicates whether to attempt to renew the Kerberos TGT for an existing session, which you can use in conjunction with the GSSAPI mechanism. |
Ticket Cache | Specifies the path to the Kerberos ticket cache to use, which you can use in conjunction with the GSSAPI mechanism. |
Trace | Specifies the trace string, which you can use in conjunction with the ANONYMOUS mechanism. |
Use Ticket Cache | Specifies whether to use a Kerberos ticket cache, which you can use in conjunction with the GSSAPI mechanism. |
Property | Description |
---|---|
Initial Connections | The number of initial connections to create when connecting. |
Max Connections | The maximum number of connections to create. |
Initial Connect Threads | The number of threads to use when creating the initial connections. |
Use the Concurrency tab to specify parallel regions for this instance of this component, or multiplicity options, or both. The Concurrency tab settings are described in Concurrency Options, and dispatch styles are described in Dispatch Styles.
Caution
Concurrency settings are not suitable for every application, and using these settings requires a thorough analysis of your application. For details, see Execution Order and Concurrency, which includes important guidelines for using the concurrency options.
Use the control input port to send commands to the adapter to perform connection operations.
The schema for the control input port is:
Field Name | Field Type | Description |
---|---|---|
Command | String | The command to send to the connection adapter. Valid values are:
|
ConnectionType | string | Optional — If this field is not present or this value is null, the default value from the adapter's properties is used. The value must be one of:
|
SecurityType | string | Optional — If this field is not present or this value is null, the default value from the adapter's properties is used. The value must be one of:
|
SecureCommunicationConfig | string | Optional — The security communication configuration to use when connecting via SSL or TLS. This value is ignored when is enabled. The configuration must be of SecureCommunicationClientProfile type. See this section for a configuration example. |
IgnoreInvalidCertificates | boolean | Optional — When enabled, any SSL or TLS invalid certificate is treated as valid. Use this option in testing environments only; using in production environments is not recommended. |
Servers | list(tuple(Host string, Port int)) | Optional — If this field is not present or this value is null, the default value from the adapter's properties is used. The hosts and ports of the LDAP servers to connect to. |
Auth | tuple | Optional — If this field is not present or this value is null, the default value from the adapter's properties is used. This tuple field has the schema listed in Auth Tuple Schema. |
Advanced | tuple | Optional — If this field is not present or this value is null, the default value from the adapter's properties is used. This tuple field has the schema listed in Advanced Tuple Schema. |
If a field in this tuple is null, the default value from the adapter's properties is used.
Field Name | Field Type | Description |
---|---|---|
AuthType | string | The value must be one of:
|
BindDN | string | The bind DN to use when authenticating. |
Password | string | The password to use when connecting. |
Trace | string | Specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism. |
AuthID | string | Specifies the authentication ID, which you can use in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
AuthzID | string | Specifies the authorization ID, which you can use in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Realm | string | Specifies the realm name, which you can use in conjunction with the DIGEST-MD5 and GSSAPI mechanisms. |
Qop | string | Specifies the quality of protection that you should use for communication that occurs after the authentication completes. |
ConfigFile | string | Specifies the path to the JAAS config file, which you can use in conjunction with the GSSAPI mechanism. |
Debug | boolean | Indicates whether debugging should be enabled, which you can use in conjunction with the GSSAPI mechanism. |
KdcAddress | string | Specifies the KDC address, which you can use in conjunction with the GSSAPI mechanism. |
Protocol | string | Specifies the GSSAPI service principal protocol, which you can use in conjunction with the GSSAPI mechanism. |
RenewTGT | boolean | Indicates whether to attempt to renew the Kerberos TGT for an existing session. It can be used in conjunction with the GSSAPI mechanism. |
RequireCache | boolean | Indicates whether to require an existing Kerberos session from the ticket cache. It can be used in conjunction with the GSSAPI mechanism. |
TicketCache | string | Specifies the path to the Kerberos ticket cache to use, which you can use in conjunction with the GSSAPI mechanism. |
UseTicketCache | boolean | Specifies whether to use a Kerberos ticket cache, which you can use in conjunction with the GSSAPI mechanism. |
Controls | list(tuple(OID string, Critical boolean, Value string)) | Controls to use during authentication. |
If a field in this tuple is null, the default value from the adapter's properties is used.
Field Name | Field Type | Description |
---|---|---|
InitialConnections | int | The number of initial connections to create when connecting. |
MaxConnections | int | The maximum number of connections to create. |
InitialConnectThreads | int | The number of threads to use when creating the initial connections. |
The status output port will output tuples giving relevant information.
The schema for the status output port is:
Field Name | Field Type | Description |
---|---|---|
Status | string | A string describing the current adapter status. |
Time | timestamp | The timestamp for when the status occurred. |
Info | list(tuple(Name string, Value string)) | A list of name-value pairs of data to get more status context. |
The following is a list of status outputs and the associated objects:
Status | Info Elements |
---|---|
Invalid Command |
|
Connection Created |
|
Connection Pool Created | None |
Connection Pool Creation Failed |
|
Disconnected |
|
When setting the Secure Communication Config field, specify a configuration with the same name as the file itself. The file (my-profile in this example) must be located in your project's src/main/configurations folder:
```
// This is a sample of the com.tibco.ep.dtm.configuration.security.SecureCommunicationClientProfile
// configuration containing only required properties. The contents as presented are not valid; uncomment
// and replace sample values with valid values as needed.
name = "sample-SecureCommunicationClientProfile-document"
type = "com.tibco.ep.dtm.configuration.security"
version = "1.0.0"
configuration = {
    // A secure communication client profile configuration object contains settings used
    // to secure client-side transport connections, for example to external services such
    // as LDAP. Profiles are named, and then referenced as needed by other configurations
    // needing secure communication.
    SecureCommunicationClientProfile = {
        // The name of this profile, unique across all secure communication profiles. This
        // property is required.
        name = "my-profile"

        // Enable or disable required client authentication. Enabling requires presence of a
        // key store to sign the client side of the secure communication handshake. This property
        // is optional, and its default value is false. If its value is true, both a key store
        // and key store password are required.
        // requireClientAuthentication = true

        // Trust store containing CAs by which client certificates must be signed to be trusted.
        // If specified, this must be a file. The path is required to be absolute, therefore
        // the file must exist on the target node's file system. This property is optional.
        // If you do not specify a trust store, the JRE default CA cert store is used
        // instead (for example, in $STREAMBASE_HOME/jdk/jre/).
        trustStore = "C:/absolute/path/myTrustStore.jks"

        // The password to access the trust store. This optional property is encryptable as part of
        // the node-level secrecy system described in Encrypting Sensitive Configuration Data.
        trustStorePassword = "password"

        // Trust store type. This key is optional and its default value is 'jks'.
        trustStoreType = "jks"
    }
}
```
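The rules stated in the comments above can be checked before deployment. The following Python linter is an added example, not TIBCO code: it reads only flat `key = "value"` lines rather than full HOCON, and the property names `keyStore` and `keyStorePassword` are assumptions, since the sample names only "a key store and key store password".

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: the page's profile with client authentication switched
# on and a relative trust store path, so that the checks below fire.
SAMPLE = '''
name = "sample-SecureCommunicationClientProfile-document"
type = "com.tibco.ep.dtm.configuration.security"
configuration = {
    SecureCommunicationClientProfile = {
        name = "my-profile"
        requireClientAuthentication = true
        trustStore = "conf/myTrustStore.jks"
        trustStorePassword = "password"
    }
}
'''
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(true|false))\s*$')

def profile_properties(text):
    """Return the key/value pairs set directly inside the profile object."""
    props, depth = {}, 0
    for raw in text.splitlines():
        line = re.sub(r'^\s*//.*$', '', raw)   # drop full-line comments
        m = ASSIGN.match(line)
        if m and depth == 2:                   # configuration { Profile { ... } }
            props[m.group(1)] = m.group(2) if m.group(3) is None else m.group(3) == "true"
        depth += line.count("{") - line.count("}")
    return props

def is_absolute(path):
    # The sample uses a Windows path; accept POSIX absolute paths as well.
    return PureWindowsPath(path).is_absolute() or PurePosixPath(path).is_absolute()

def lint_profile(text, file_stem, adapter_field):
    p, findings = profile_properties(text), []
    # Profile name, file name and adapter field all agree in the page's example.
    if len({p.get("name"), file_stem, adapter_field}) != 1:
        findings.append("name-mismatch")
    if "trustStore" not in p:
        findings.append("jre-default-trust-store")   # falls back to JRE CA store
    elif not is_absolute(p["trustStore"]):
        findings.append("trust-store-not-absolute")
    # Assumed property names for the key store and its password.
    if p.get("requireClientAuthentication") is True:
        missing = [k for k in ("keyStore", "keyStorePassword") if k not in p]
        if missing:
            findings.append("client-auth-missing:" + ",".join(missing))
    return findings
```
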
When suspended, the adapter disconnects from the LDAP server.
When resumed, the adapter reconnects to the LDAP server if it was connected when suspended.