LDAP Source Connector

The LDAP source connector in DataSync lets you retrieve data from an LDAP (Lightweight Directory Access Protocol) server for loading or synchronizing in your data warehouse. It supports both unencrypted connections and secure connections over TLS/SSL. After creating all required source connections, configure your destination source to complete the connection setup.

Create a source connection in DataSync

  1. Log in to DataSync.
  2. From the welcome screen, select Connections.
  3. Next to Source Connections, click New.
  4. Select LDAP.
  5. In the Connection Properties panel, enter the connection properties.
  6. (Optional) In the Additional Connection Properties panel, select Add property and enter the parameters for each property.
  7. In the Advanced Settings panel, configure the settings, including the Tracking Type and other values according to your requirements.
  8. Click Save.

Parameters

Connection properties

Parameter | Description
Description | Unique name for the connection. Example: LDAP
Server | Fully qualified domain name (FQDN) of the LDAP server. Do not include the LDAP:// portion, only the server domain name. Example: ldapserver.mydomain.local
Port | Port the LDAP server is running on. The default port is 389. If Enable LDAP over TLS/SSL is selected, set the port to 636.
Enable LDAP over TLS/SSL | Secure connection to the LDAP server. You must adjust the Port afterwards.
Username | Username in domain format. Example: DOMAIN\jdoe
Password | Password for the specified username.
Search base | Base distinguished name (DN) for queries. Set to the root directory or a specific subtree. Common examples: DC=mydomain,DC=local or OU=Users,OU=Canada,DC=mydomain,DC=local
Maximum number of records | Maximum number of records returned. Set to -1 for no limit.
Scope | Scope for directory search:

  • Whole Subtree – (Default) Search includes the search base and all descendants.
  • Single Level – Search includes the search base and direct descendants only.
  • Base Object – Search root of the search base only.
Timeout | Time in seconds to wait for connection opening and query execution before timing out.
Follow Referrals | Option to follow referrals returned by the LDAP server.
Friendly GUID | Format for GUID attributes (such as objectGUID).

  • When enabled, returns a human-readable string.
    Example: 708d9374-d64a-49b2-97ea-489ddc717703
  • When disabled, returns a base64-encoded string.
Friendly SID | Format for SID attributes (such as objectSID).

  • When enabled, returns a human-readable string.
    Example: S-1-5-21-4272240814-246508344-1325542772-12464
  • When disabled, returns a base64-encoded string.
Verbosity | Logging level:

  • 1 – Log queries, row counts, execution start/end, errors.
  • 2 – Includes level 1 plus cache queries, HTTP headers.
  • 3 – Includes level 2 plus request/response bodies.
  • 4 – Includes level 3 plus transport-level communication.
  • 5 – Includes level 4 plus all interface commands.
Enable Pooling | Connection pooling option for performance.
Pool idle timeout | Maximum idle time for connections before returning them to the pool, in seconds.
Max Pool Size | Maximum number of connections allowed in the pool.
Pool wait time | Maximum wait time for connection allocation before an error is thrown, in seconds.
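
When Friendly GUID and Friendly SID are disabled, whatever consumes the extracted rows has to decode the base64 values itself. The following is an added example, not part of the DataSync documentation or product: it decodes both attributes in Python, assuming the Active Directory binary layouts for objectGUID and objectSid. The function names are hypothetical and the sample values are constructed from the example strings in the table above.

```python
import base64
import struct
import uuid

# Added example; function names are hypothetical, not DataSync APIs.

def decode_guid(b64_value: str) -> str:
    """Decode a base64 objectGUID into its dashed string form."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    # Assumption: Active Directory layout (first three fields little-endian).
    return str(uuid.UUID(bytes_le=raw))


def decode_sid(b64_value: str) -> str:
    """Decode a base64 objectSid into its S-1-... string form."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def encode_guid(text: str) -> str:
    # Helper used only to build the constructed sample input below.
    return base64.b64encode(uuid.UUID(text).bytes_le).decode("ascii")


def encode_sid(text: str) -> str:
    # Helper used only to build the constructed sample input below.
    parts = text.split("-")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    raw = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    raw += struct.pack(f"<{len(subs)}I", *subs)
    return base64.b64encode(raw).decode("ascii")


# Constructed samples: derived from the example strings on this page.
SAMPLE_GUID_B64 = encode_guid("708d9374-d64a-49b2-97ea-489ddc717703")
SAMPLE_SID_B64 = encode_sid("S-1-5-21-4272240814-246508344-1325542772-12464")

if __name__ == "__main__":
    print(SAMPLE_GUID_B64, "->", decode_guid(SAMPLE_GUID_B64))
    print(SAMPLE_SID_B64, "->", decode_sid(SAMPLE_SID_B64))
```

The length checks reject truncated or padded values, so a malformed attribute fails loudly rather than producing a plausible-looking identifier.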

Additional connection properties

Additional connection string properties not specified in the Connection Properties panel. For each property added, you can choose Visible or Encrypted. Selecting Encrypted hides the value from the interface and stores it encrypted in the back end, such as when defining passwords.

Property | Value
SSLServerCert | Certificate definition for a TLS/SSL connection. Specify the server certificate to accept. Untrusted certificates are rejected. If not specified, any certificate trusted by the machine is accepted. Common examples:

  • PEM certificate: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
  • File path: C:\cert.cer
  • Public key: -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
  • MD5 thumbprint: ecadbdda5a1529c58a1e9e09828d70e4
  • SHA1 thumbprint: 34a929226ae0819f2ec14b4a3d904f801cbb150d
AuthMechanism | Authentication mechanism:

  • SIMPLE – (Default) Plain text authentication.
  • DIGESTMD5 – DIGEST-MD5 challenge/response authentication.
  • NEGOTIATE – NTLM/NEGOTIATE authentication.

Advanced settings

Advanced settings control how the LDAP connector tracks changes, handles regional and time configuration, and processes data batches during extraction. These options allow fine‑tuning for performance and accuracy, and should be configured according to your system environment and operational requirements.

Setting | Description
Tracking Type | Method for tracking changes: None or Date.
Region | Region setting for the connector, if required by your setup.
Time Zone | Time zone matching the LDAP application server.
Time Offset | Refresh offset in seconds to compensate for timing issues in record selection. Minimum value is 0; maximum is 3600 seconds.
Batch Size | Quantity of records processed in each batch during extraction. Larger batch sizes increase memory usage but can improve performance up to a point. The default value is 2000 and the maximum should not exceed 10000 records. Adjust according to your network speed and disk performance; in most cases the default (2000) works best.

Important

The LDAP connector supports only the Truncate and Load option for running extractions.