LDAP
Important Capabilities
| Capability | Status | Notes |
|---|---|---|
| Detect Deleted Entities | ✅ | Optionally enabled via stateful_ingestion.remove_stale_metadata |
This plugin extracts the following:
- People
- Names, emails, titles, and manager information for each person
- List of groups
CLI based Ingestion
Starter Recipe
Check out the following recipe to get started with ingestion! See below for full configuration options.
For general pointers on writing and running a recipe, see our main recipe guide.
source:
type: "ldap"
config:
# Coordinates
ldap_server: ldap://localhost
# Credentials
ldap_user: "cn=admin,dc=example,dc=org"
ldap_password: "admin"
# Options
base_dn: "dc=example,dc=org"
sink:
# sink configs
Config Details
- Options
- Schema
Note that a . is used to denote nested fields in the YAML recipe.
| Field | Description |
|---|---|
base_dn ✅ string | LDAP DN. |
ldap_password ✅ string | LDAP password. |
ldap_server ✅ string | LDAP server URL. |
ldap_user ✅ string | LDAP user. |
drop_missing_first_last_name boolean | If set to true, any users without first and last names will be dropped. Default: True |
filter string | LDAP extractor filter. Default: (objectClass=*) |
group_attrs_map object | Default: {} |
manager_filter_enabled boolean | Use LDAP extractor filter to search managers. Default: True |
manager_pagination_enabled boolean | [deprecated] Use pagination_enabled Default: True |
page_size integer | Size of each page to fetch when extracting metadata. Default: 20 |
pagination_enabled boolean | Use pagination while do search query (enabled by default). Default: True |
platform_instance string | The instance of the platform that all assets produced by this recipe belong to. This should be unique within the platform. See https://datahubproject.io/docs/platform-instances/ for more details. |
use_email_as_username boolean | Use email for users' usernames instead of username (disabled by default). If enabled, the user and group urn would be having email as the id part of the urn. Default: False |
user_attrs_map object | Default: {} |
env string | The environment that all assets produced by this connector belong to Default: PROD |
attrs_list array | Retrieved attributes list |
attrs_list.string string | |
custom_props_list array | A list of custom attributes to extract from the LDAP provider. |
custom_props_list.string string | |
stateful_ingestion StatefulStaleMetadataRemovalConfig | Base specialized config for Stateful Ingestion with stale metadata removal capability. |
stateful_ingestion.enabled boolean | Whether or not to enable stateful ingest. Default: True if a pipeline_name is set and either a datahub-rest sink or datahub_api is specified, otherwise False Default: False |
stateful_ingestion.remove_stale_metadata boolean | Soft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled. Default: True |
The JSONSchema for this configuration is inlined below.
{
"title": "LDAPSourceConfig",
"description": "Config used by the LDAP Source.",
"type": "object",
"properties": {
"env": {
"title": "Env",
"description": "The environment that all assets produced by this connector belong to",
"default": "PROD",
"type": "string"
},
"platform_instance": {
"title": "Platform Instance",
"description": "The instance of the platform that all assets produced by this recipe belong to. This should be unique within the platform. See https://datahubproject.io/docs/platform-instances/ for more details.",
"type": "string"
},
"stateful_ingestion": {
"$ref": "#/definitions/StatefulStaleMetadataRemovalConfig"
},
"ldap_server": {
"title": "Ldap Server",
"description": "LDAP server URL.",
"type": "string"
},
"ldap_user": {
"title": "Ldap User",
"description": "LDAP user.",
"type": "string"
},
"ldap_password": {
"title": "Ldap Password",
"description": "LDAP password.",
"type": "string"
},
"base_dn": {
"title": "Base Dn",
"description": "LDAP DN.",
"type": "string"
},
"filter": {
"title": "Filter",
"description": "LDAP extractor filter.",
"default": "(objectClass=*)",
"type": "string"
},
"attrs_list": {
"title": "Attrs List",
"description": "Retrieved attributes list",
"type": "array",
"items": {
"type": "string"
}
},
"custom_props_list": {
"title": "Custom Props List",
"description": "A list of custom attributes to extract from the LDAP provider.",
"type": "array",
"items": {
"type": "string"
}
},
"drop_missing_first_last_name": {
"title": "Drop Missing First Last Name",
"description": "If set to true, any users without first and last names will be dropped.",
"default": true,
"type": "boolean"
},
"page_size": {
"title": "Page Size",
"description": "Size of each page to fetch when extracting metadata.",
"default": 20,
"type": "integer"
},
"manager_filter_enabled": {
"title": "Manager Filter Enabled",
"description": "Use LDAP extractor filter to search managers.",
"default": true,
"type": "boolean"
},
"manager_pagination_enabled": {
"title": "Manager Pagination Enabled",
"description": "[deprecated] Use pagination_enabled ",
"default": true,
"type": "boolean"
},
"pagination_enabled": {
"title": "Pagination Enabled",
"description": "Use pagination while do search query (enabled by default).",
"default": true,
"type": "boolean"
},
"use_email_as_username": {
"title": "Use Email As Username",
"description": "Use email for users' usernames instead of username (disabled by default). If enabled, the user and group urn would be having email as the id part of the urn.",
"default": false,
"type": "boolean"
},
"user_attrs_map": {
"title": "User Attrs Map",
"default": {},
"type": "object"
},
"group_attrs_map": {
"title": "Group Attrs Map",
"default": {},
"type": "object"
}
},
"required": [
"ldap_server",
"ldap_user",
"ldap_password",
"base_dn"
],
"additionalProperties": false,
"definitions": {
"DynamicTypedStateProviderConfig": {
"title": "DynamicTypedStateProviderConfig",
"type": "object",
"properties": {
"type": {
"title": "Type",
"description": "The type of the state provider to use. For DataHub use `datahub`",
"type": "string"
},
"config": {
"title": "Config",
"description": "The configuration required for initializing the state provider. Default: The datahub_api config if set at pipeline level. Otherwise, the default DatahubClientConfig. See the defaults (https://github.com/datahub-project/datahub/blob/master/metadata-ingestion/src/datahub/ingestion/graph/client.py#L19).",
"default": {},
"type": "object"
}
},
"required": [
"type"
],
"additionalProperties": false
},
"StatefulStaleMetadataRemovalConfig": {
"title": "StatefulStaleMetadataRemovalConfig",
"description": "Base specialized config for Stateful Ingestion with stale metadata removal capability.",
"type": "object",
"properties": {
"enabled": {
"title": "Enabled",
"description": "Whether or not to enable stateful ingest. Default: True if a pipeline_name is set and either a datahub-rest sink or `datahub_api` is specified, otherwise False",
"default": false,
"type": "boolean"
},
"remove_stale_metadata": {
"title": "Remove Stale Metadata",
"description": "Soft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled.",
"default": true,
"type": "boolean"
}
},
"additionalProperties": false
}
}
}
Code Coordinates
- Class Name:
datahub.ingestion.source.ldap.LDAPSource - Browse on GitHub
Questions
If you've got any questions on configuring ingestion for LDAP, feel free to ping us on our Slack.
Is this page helpful?