LDAP Connection Adapter

Introduction

The TIBCO StreamBase® Adapter for LDAP Connection allows a StreamBase application to connect to an LDAP server.

Adapter Properties

This section describes the properties you can set for this adapter, using the various tabs of the Properties view in StreamBase Studio.

General Tab

Name: Use this required field to specify or change the name of this instance of this component, which must be unique in the current EventFlow module. The name must contain only alphabetic characters, numbers, and underscores, and no hyphens or other special characters. The first character must be alphabetic or an underscore.

Adapter: A read-only field that shows the formal name of the adapter.

Class name: Shows the fully qualified class name that implements the functionality of this adapter. If you need to reference this class name elsewhere in your application, you can right-click this field and select Copy from the context menu to place the full class name in the system clipboard.

Start options: This field provides a link to the Cluster Aware tab, where you configure the conditions under which this adapter starts.

Enable Error Output Port: Select this check box to add an Error Port to this component. In the EventFlow canvas, the Error Port shows as a red output port, always the last port for the component. See Using Error Ports to learn about Error Ports.

Description: Optionally enter text to briefly describe the component's purpose and function. In the EventFlow Editor canvas, you can see the description by pressing Ctrl while the component's tooltip is displayed.

Adapter Properties Tab

Connect At Startup: If enabled, the adapter attempts to connect to the LDAP server at system startup.
Connection Type: The type of connection to create.
Security Type: The type of security to use for the connection.
Secure Communication Config: The security communication config to use from HOCON when connecting via SSL or TLS. This value is ignored if Ignore Invalid Certificates is enabled.
Ignore Invalid Certificates: If enabled, any invalid SSL or TLS certificate is treated as valid. This option should only be used in a testing environment and should never be enabled in production.
Hosts And Ports: The hosts and ports of the LDAP servers to connect to.
Log Level: Controls the level of verbosity the adapter uses to send notifications to the console. This setting can be higher than the containing application's log level. If set lower, the system log level is used. Available values, in increasing order of verbosity, are: OFF, ERROR, WARN, INFO, DEBUG, TRACE.

Auth Properties Tab

Auth Type: The auth type to use.
Bind DN: The bind DN to use when authenticating.
Password: The password to use when connecting.
Auth ID: Specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
Authz ID: Specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
Config File: Specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism.
Debug: Indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism.
KDC Address: Specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism.
Protocol: Specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism.
Quality Of Protection: Specifies the quality of protection that should be used for communication that occurs after the authentication has completed.
Realm: Specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms.
Require Cache: Indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism.
Renew TGT: Indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism.
Ticket Cache: Specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism.
Trace: Specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism.
Use Ticket Cache: Specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism.

Advanced Properties Tab

Initial Connections: The number of initial connections to create when connecting.
Max Connections: The maximum number of connections to create.
Initial Connect Threads: The number of threads to use when creating the initial connections.

Cluster Aware Tab

Use the settings in this tab to allow this operator or adapter to start and stop based on conditions that occur at runtime in a cluster with more than one node. During initial development of the fragment that contains this operator or adapter, and for maximum compatibility with TIBCO Streaming releases before 10.5.0, leave the Cluster start policy control in its default setting, Start with module.

Cluster awareness is an advanced topic that requires an understanding of StreamBase Runtime architecture features, including clusters, quorums, availability zones, and partitions. See Cluster Awareness Tab Settings on the Using Cluster Awareness page for instructions on configuring this tab.

Concurrency Tab

Use the Concurrency tab to specify parallel regions for this instance of this component, or multiplicity options, or both. The Concurrency tab settings are described in Concurrency Options, and dispatch styles are described in Dispatch Styles.

Caution

Concurrency settings are not suitable for every application, and using these settings requires a thorough analysis of your application. For details, see Execution Order and Concurrency, which includes important guidelines for using the concurrency options.

Control Input Port

The control input port is used to send commands to the adapter to perform connection operations.

The schema for the control input port is:

Command (String): The command to send to the connection adapter. Valid values are:
  • Connect — Connects to the LDAP server(s) using the information contained in the input tuple. If already connected, the adapter disconnects and then connects with the new information.

  • Disconnect — Disconnects from the LDAP server(s).

ConnectionType (string): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. The value must be one of:
  • Round Robin — This will use a round-robin algorithm to select the server to which the connection should be established.

  • Fastest Connection — This will attempt to establish connections to all associated servers in parallel, keeping the one that was first to be successfully established and closing all others.

  • Fewest Connections — This will establish a connection to the server with the fewest established connections previously created by the same server set instance.

  • Fail Over — This will attempt to establish connections to servers in the order they are provided.

SecurityType (string): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. The value must be one of:
  • None — No security will be used to communicate with the server.

  • SSL — SSL will be used to communicate with the server.

  • TLS — TLS will be used to communicate with the server.

SecureCommunicationConfig (string): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. The security communication config to use from HOCON when connecting via SSL or TLS. This value is ignored if Ignore Invalid Certificates is enabled.
IgnoreInvalidCertificates (boolean): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. If true, any invalid SSL or TLS certificate is treated as valid. This option should only be used in a testing environment and should never be enabled in production.
Servers (list(tuple(Host string, Port int))): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. The hosts and ports of the LDAP servers to connect to.
Auth (tuple): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. This tuple field has the schema listed in Auth Tuple Schema.
Advanced (tuple): Optional. If this field is not present or its value is null, the default value from the adapter's properties is used. This tuple field has the schema listed in Advanced Tuple Schema.

Auth Tuple Schema

If a field in this tuple is null, the default value from the adapter's properties is used.

AuthType (string): The value must be one of:
  • SIMPLE — Simple auth will be used.

  • ANONYMOUS — SASL ANONYMOUS bind request as described in RFC 4505. The ANONYMOUS SASL mechanism is essentially equivalent to using an anonymous simple bind (i.e., a simple bind with an empty password).

  • CRAM-MD5 — SASL CRAM-MD5 bind request implementation as described in draft-ietf-sasl-crammd5.

  • DIGEST-MD5 — SASL DIGEST-MD5 bind request implementation as described in RFC 2831.

  • EXTERNAL — SASL EXTERNAL bind request implementation as described in RFC 4422.

  • GSSAPI — SASL GSSAPI bind request implementation as described in RFC 4752.

  • PLAIN — SASL PLAIN bind request implementation as described in RFC 4616.

BindDN (string): The bind DN to use when authenticating.
Password (string): The password to use when connecting.
Trace (string): Specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism.
AuthID (string): Specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
AuthzID (string): Specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
Realm (string): Specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms.
Qop (string): Specifies the quality of protection that should be used for communication that occurs after the authentication has completed.
ConfigFile (string): Specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism.
Debug (boolean): Indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism.
KdcAddress (string): Specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism.
Protocol (string): Specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism.
RenewTGT (boolean): Indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism.
RequireCache (boolean): Indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism.
TicketCache (string): Specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism.
UseTicketCache (boolean): Specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism.
Controls (list(tuple(OID string, Critical boolean, Value string))): Controls to use during auth.

Advanced Tuple Schema

If a field in this tuple is null, the default value from the adapter's properties is used.

InitialConnections (int): The number of initial connections to create when connecting.
MaxConnections (int): The maximum number of connections to create.
InitialConnectThreads (int): The number of threads to use when creating the initial connections.
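
The following pre-flight check is an added example, not part of the TIBCO documentation or product code. It models a control input port tuple as a Python dict (an assumption, as are the function name, the finding codes and the sample values) and flags the Connect settings this page warns about, plus SIMPLE or PLAIN binds sent over a connection with SecurityType None.

```python
# Added example: lint a Connect tuple (modelled as a dict) before it is sent to
# the control input port. Names defined here are assumptions, not adapter APIs.
CLEARTEXT_AUTH = {"SIMPLE", "PLAIN"}   # password is sent as-is (RFC 4513, RFC 4616)
ENCRYPTED = {"SSL", "TLS"}

def _field(name, tup, defaults):
    """Null or absent fields fall back to the adapter property defaults."""
    value = (tup or {}).get(name)
    return (defaults or {}).get(name) if value is None else value

def lint_connect_tuple(tup, defaults=None):
    """Return a sorted list of finding codes for one control tuple."""
    defaults = defaults or {}
    if tup.get("Command") != "Connect":
        return []                      # Disconnect carries no connection settings
    security = _field("SecurityType", tup, defaults)
    ignore_certs = _field("IgnoreInvalidCertificates", tup, defaults)
    tls_config = _field("SecureCommunicationConfig", tup, defaults)
    auth_type = _field("AuthType", tup.get("Auth"), defaults.get("Auth"))

    findings = set()
    if security in ENCRYPTED and ignore_certs:
        # Any certificate is accepted, so the server's identity is unverified.
        findings.add("CERT_VALIDATION_DISABLED")
        if tls_config:
            findings.add("SECURE_CONFIG_IGNORED")   # documented: value is ignored
    if security == "None" and auth_type in CLEARTEXT_AUTH:
        findings.add("CLEARTEXT_PASSWORD")
    if auth_type == "ANONYMOUS":
        findings.add("UNAUTHENTICATED_BIND")
    return sorted(findings)

# Constructed sample tuples (not taken from a real deployment).
WEAK = {
    "Command": "Connect",
    "SecurityType": "TLS",
    "SecureCommunicationConfig": "ldap-tls",
    "IgnoreInvalidCertificates": True,
    "Auth": {"AuthType": "SIMPLE", "BindDN": "cn=svc,dc=example,dc=com",
             "Password": "<placeholder>"},
}
HARDENED = dict(WEAK, IgnoreInvalidCertificates=False)
CLEARTEXT = dict(WEAK, SecurityType="None", IgnoreInvalidCertificates=None)

if __name__ == "__main__":
    for name, tup in [("weak", WEAK), ("hardened", HARDENED), ("cleartext", CLEARTEXT)]:
        print(name, lint_connect_tuple(tup))
```

Pass the adapter's configured property values as `defaults` so that null or missing tuple fields are evaluated the same way the adapter resolves them.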

Status Output Port

The status output port will output tuples giving relevant information.

The schema for the status output port is:

Status (String): A string describing the current status of the adapter.
Time (timestamp): The time at which the status occurred.
Info (list(tuple(Name string, Value string))): A list of name-value pairs that give more context to the status.

The following is a list of status outputs and the associated objects:

Invalid Command:
  • Command — The command given by the input tuple.

  • ValidCommands — A list of the valid commands.

Connection Created:
  • Host — The address of the directory server to which this connection is currently established.

  • Post — The port of the directory server to which this connection is currently established.

  • Id — A value that uniquely identifies this connection within the JVM.

  • Name — The user-friendly name that has been assigned to this connection.

Connection Pool Created: None

Connection Pool Creation Failed:
  • Error — The error that occurred.

Disconnected:
  • Host — The address of the directory server from which this connection disconnected.

  • Post — The port of the directory server from which this connection disconnected.

  • Id — A value that uniquely identifies this connection within the JVM.

  • Name — The user-friendly name that has been assigned to this connection.

  • DisconnectType — Provides general information about the nature of the disconnect.

  • ResultCode — The result code most closely associated with this disconnect type.

  • Description — The description for this disconnect type.

  • Message — A message that may be associated with the disconnect.

  • Cause — If an exception occurred, this contains the exception message.

Suspend and Resume Behavior

When suspended, the adapter disconnects from the LDAP server.

When resumed, the adapter will reconnect to the LDAP server if it was connected when suspended.