Contents
The TIBCO StreamBase® Adapter for LDAP Connection allows a StreamBase application to connect to an LDAP server.
This section describes the properties you can set for this adapter, using the various tabs of the Properties view in StreamBase Studio.
Name: Use this required field to specify or change the name of this instance of this component, which must be unique in the current EventFlow module. The name must contain only alphabetic characters, numbers, and underscores, and no hyphens or other special characters. The first character must be alphabetic or an underscore.
Adapter: A read-only field that shows the formal name of the adapter.
Class name: Shows the fully qualified class name that implements the functionality of this adapter. If you need to reference this class name elsewhere in your application, you can right-click this field and select Copy from the context menu to place the full class name in the system clipboard.
Start options: This field provides a link to the Cluster Aware tab, where you configure the conditions under which this adapter starts.
Enable Error Output Port: Select this check box to add an Error Port to this component. In the EventFlow canvas, the Error Port shows as a red output port, always the last port for the component. See Using Error Ports to learn about Error Ports.
Description: Optionally enter text to briefly describe the component's purpose and function. In the EventFlow Editor canvas, you can see the description by pressing Ctrl while the component's tooltip is displayed.
Property | Description |
---|---|
Connect At Startup | If enabled the adapter will attempt to connect to the LDAP server at system startup |
Connection Type | The type of connection to create |
Security Type | The type of security to use for the connection |
Secure Communication Config | The security communication config to use from HOCON when connecting via SSL or TLS, this value is ignored if Ignore Invalid Certificates is enabled |
Ignore Invalid Certificates | If enabled any SSL or TLS invalid certificate will be treated as valid. This option should only be used in a testing environment and should never be enabled in production |
Hosts And Ports | The hosts and ports of the LDAP servers to connect to |
Log Level | Controls the level of verbosity the adapter uses to send notifications to the console. This setting can be higher than the containing application's log level. If set lower, the system log level is used. Available values, in increasing order of verbosity, are: OFF, ERROR, WARN, INFO, DEBUG, TRACE. |
Property | Description |
---|---|
Auth Type | The auth type to use |
Bind DN | The bind DN to use when authenticating |
Password | The password to use when connecting |
Auth ID | Specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Authz ID | Specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Config File | Specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism. |
Debug | Indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism. |
KDC Address | Specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism. |
Protocol | Specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism. |
Quality Of Protection | Specifies the quality of protection that should be used for communication that occurs after the authentication has completed. |
Realm | Specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms. |
Require Cache | Indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism. |
Renew TGT | Indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism. |
Ticket Cache | Specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism. |
Trace | Specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism. |
Use Ticket Cache | Specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism. |
Property | Description |
---|---|
Initial Connections | The number of initial connections to create when connecting |
Max Connections | The maximum number of connections to create |
Initial Connect Threads | The number of threads to use when creating the initial connections |
Connect Timeout MS | Specifies the maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up. A value of zero indicates that there should be no connect timeout. |
Response Timeout MS | Specifies the maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. Note that this will be set before any per operation timeout. |
Search Timeout MS | Specifies the maximum length of time in milliseconds that the search operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Add Timeout MS | Specifies the maximum length of time in milliseconds that the add operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Compare Timeout MS | Specifies the maximum length of time in milliseconds that the compare operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Delete Timeout MS | Specifies the maximum length of time in milliseconds that the delete operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Modify Timeout MS | Specifies the maximum length of time in milliseconds that the modify operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Modify DN Timeout MS | Specifies the maximum length of time in milliseconds that the modify DN operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
Use the settings in this tab to allow this operator or adapter to start and stop based on conditions that occur at runtime in a cluster with more than one node. During initial development of the fragment that contains this operator or adapter, and for maximum compatibility with TIBCO Streaming releases before 10.5.0, leave the Cluster start policy control in its default setting, Start with module.
Cluster awareness is an advanced topic that requires an understanding of StreamBase Runtime architecture features, including clusters, quorums, availability zones, and partitions. See Cluster Awareness Tab Settings on the Using Cluster Awareness page for instructions on configuring this tab.
Use the Concurrency tab to specify parallel regions for this instance of this component, or multiplicity options, or both. The Concurrency tab settings are described in Concurrency Options, and dispatch styles are described in Dispatch Styles.
Caution
Concurrency settings are not suitable for every application, and using these settings requires a thorough analysis of your application. For details, see Execution Order and Concurrency, which includes important guidelines for using the concurrency options.
When you setup your connection you specify 1-N host/port combinations and also specify how many connections to initially connect with. If you have more than 1 host/port setup and one goes down its current connections in the connection pool will be disconnected. If those are the only current connections then the next operation that is requested will cause a new connection to be added to the pool to any server that is available (with timeouts already exposed on the connection adapter being used). If no server can respond to the action then a failure status message is reported for the operation being performed for example 'Search Error' and the info list will contains the ResultCode 91 and ResultName 'connect error', this would happen if ALL servers are unavailable. The next requested operation would try to add another connection to the connection pool again with the same timeout depending on the operation being requested. Please see the Advanced Properties Tab for all the available timeouts.
The control input port is used to send commands to the adapter to perform connection operations.
The schema for the control input port is:
Field Name | Field Type | Description |
---|---|---|
Command | String | The command to send to the connection adapter, valid values are
|
ConnectionType | string | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used.
The value must be one of
|
SecurityType | string | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used.
The value must be one of
|
SecureCommunicationConfig | string | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used. The security communication config to use from HOCON when connecting via SSL or TLS, this value is ignored if Ignore Invalid Certificates is enabled |
IgnoreInvalidCertificates | boolean | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used. If true any SSL or TLS invalid certificate will be treated as valid. This option should only be used in a testing environment and should never be enabled in production |
Servers | list(tuple(Host string, Port int)) | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used. The hosts and ports of the LDAP servers to connect to. |
Auth | tuple | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used. This tuple field has the schema listed in Auth Tuple Schema |
Advanced | tuple | Optional - If this field is not present or this value is null, the default value from the adapters properties will be used. This tuple field has the schema listed in Advanced Tuple Schema |
If a field in this tuple is null, the default value from the adapters properties will be used.
Field Name | Field Type | Description |
---|---|---|
AuthType | string | The value must be one of
|
BindDN | string | The bind DN to use when authenticating. |
Password | string | The password to use when connecting. |
Trace | string | Specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism. |
AuthID | string | Specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
AuthzID | string | Specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms. |
Realm | string | Specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms. |
Qop | string | Specifies the quality of protection that should be used for communication that occurs after the authentication has completed. |
ConfigFile | string | Specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism. |
Debug | boolean | Indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism. |
KdcAddress | string | Specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism. |
Protocol | string | Specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism. |
RenewTGT | boolean | Indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism. |
RequireCache | boolean | Indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism. |
TicketCache | string | Specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism. |
UseTicketCache | boolean | Specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism. |
Controls | list(tuple(OID string, Critical boolean, Value string)) | Controls to use during auth |
If a field in this tuple is null, the default value from the adapters properties will be used.
Field Name | Field Type | Description |
---|---|---|
InitialConnections | int | The number of initial connections to create when connecting. |
MaxConnections | int | The maximum number of connections to create. |
InitialConnectThreads | int | The number of threads to use when creating the initial connections. |
ConnectTimeoutMS | int | Specifies the maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up. A value of zero indicates that there should be no connect timeout. |
ResponseTimeoutMS | int | Specifies the maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. Note that this will be set before any per operation timeout. |
SearchTimeoutMS | int | Specifies the maximum length of time in milliseconds that the search operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
AddTimeoutMS | int | Specifies the maximum length of time in milliseconds that the add operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
CompareTimeoutMS | int | Specifies the maximum length of time in milliseconds that the compare operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
DeleteTimeoutMS | int | Specifies the maximum length of time in milliseconds that the delete operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
ModifyTimeoutMS | int | Specifies the maximum length of time in milliseconds that the modify operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
ModifyDNTimeoutMS | int | Specifies the maximum length of time in milliseconds that the modify DN operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. |
The status output port will output tuples giving relevant information.
The schema for the status output port is:
Field Name | Field Type | Description |
---|---|---|
Status | String | A string describing the current status of the adapter. |
Time | timestamp | The timestamp that the status occurred. |
Info | list(tuple(Name string, Value string)) | A list of name value pairs of data to got more context to the status. |
The following is a list of status outputs and the associated objects:
Status | Description | Info Elements |
---|---|---|
Invalid Command | An invalid command was given to the control port |
|
Connection Created | A connection was created for the connection pool |
|
Connection Pool Created | The connection pool has been initialized and will start to create connections. |
|
Connection Pool Creation Failed | The connection pool failed to create |
|
Disconnected | A connection has been disconnected. If no connection pool exists a port value of -1 is returned. |
|
When suspended, the adapter disconnects from the LDAP server.
When resumed, the adapter will reconnect to the LDAP server if it was connected when suspended.