For LDAP authentication, one can provide the user name as a valid Distinguished Name (DN), or as a user name which corresponds to an entry in the LDAP tree; however, the LDAP server usually requires a DN to authenticate. Providing a DN is usually inconvenient, and people prefer to remember their user name rather than the associated DN. For this reason, if the user name is not provided as a DN, the LDAP provider tries the following:
do an anonymous bind
search a DN from the specified user name
fetch the DN if it exists and is the only result
close the anonymous connection
bind using the found DN
However, for an Active Directory server, this may fail if the server does not allow anonymous binding or searches; in that case one can use one of the following user name syntaxes instead:
username@DOMAIN
DOMAIN\username
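The lookup steps and the two Active Directory syntaxes above can be sketched as follows; this is an added example, not Libgda's code, and it goes slightly beyond the text by escaping the user name before it is placed in the search filter. The `uid` lookup attribute, the DN heuristic, the `anonymous_search` callable and the sample directory are assumptions made for the illustration.

```python
import re

# Heuristic DN test (assumption of this example): attr=value[,attr=value...]
_DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$")

def escape_filter(value):
    """RFC 4515 escaping so the user name is matched literally in the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def bind_identity(username, anonymous_search, attr="uid"):
    """Return the identity to bind with, following the lookup steps above.

    anonymous_search(filter) -> list of DNs stands in for the anonymous
    bind, search and disconnect; attr is an assumed lookup attribute.
    """
    if _DN_RE.match(username):
        return username  # already a DN: bind with it directly
    if "@" in username or "\\" in username:
        return username  # username@DOMAIN or DOMAIN\username: no search
    matches = anonymous_search("(%s=%s)" % (attr, escape_filter(username)))
    if len(matches) != 1:  # no entry, or an ambiguous name: do not bind
        raise LookupError("%d entries match %r" % (len(matches), username))
    return matches[0]

# Constructed sample directory (not real data): DN -> uid
SAMPLE = {
    "uid=alice,ou=people,dc=example,dc=org": "alice",
    "uid=bob,ou=people,dc=example,dc=org": "bob",
    "uid=bob,ou=contractors,dc=example,dc=org": "bob",
}

def sample_search(flt):
    """Toy server for the sample data: handles (uid=value), '*' is a wildcard."""
    tokens = re.findall(r"\\[0-9a-f]{2}|.", flt[len("(uid="):-1])
    rx = "".join(".*" if t == "*" else
                 re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
                 for t in tokens)
    return [dn for dn, uid in SAMPLE.items() if re.fullmatch(rx, uid)]

if __name__ == "__main__":
    for name in ("alice", "bob", "al*", "alice@EXAMPLE"):
        try:
            print(name, "->", bind_identity(name, sample_search))
        except LookupError as err:
            print(name, "-> refused:", err)
```

In the sample data, `bob` is refused because two entries match, and `al*` is refused because the escaped asterisk no longer acts as a wildcard that would have resolved to a single entry.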
The LDAP provider maps LDAP searches to Libgda's data models, with the following design choices:
A data model column is created for each attribute the LDAP search returns, plus one column for the DN (Distinguished Name), as the first column of each search; so if no attribute is requested, the resulting data model will only contain one column for the DN
If not otherwise specified, the data type of each data model column is determined by the data type of the corresponding column attribute
Multi-valued attributes are by default handled as invalid data, but it is possible to specify that a NULL value, or an array in CSV notation, be reported instead.
For performance reasons, some data is cached (unless the "USE_CACHE" connection variable is set to FALSE). Cache files are in the user's home directory, as per the XDG Base Directory Specification.
For more information, see the GdaDataModelLdap and the GdaLdapConnection objects.