JDBC Driver for LDAP

Build 22.0.8462


Stores a list of user names. Used to apply security principals on resources.

Table Specific Information


All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the driver. For example, the following query is processed by LDAP:

SELECT * FROM Group WHERE  GroupType != '-2147483644' AND  ObjectClass = 'top;group' LIMIT 5 
You can turn off client-side execution by setting SupportEnhancedSQL to false in which case any search criteria that refers to any other operators will cause an error.


To add a Group, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:

INSERT INTO Group (RDN, ObjectClass) VALUES ('CN=Domain Admins', 'group')


All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:

UPDATE Group SET Member = 'CN=SUPPORT_388945a0,CN=Users,DC=MyDC' WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'


Groups can be deleted by providing the Id of the Group in a DELETE statement. For example:

 DELETE FROM Group WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'


Name Type ReadOnly References DataFormat Description
Id [KEY] String True

Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow.

DN String True

The full distinguished name.

RDN String False

The relative distinguished name.

BaseDN String True

The base distinguished name.

GroupType String False DelimitedData

Contains a set of flags that define the type and scope of a group object. For the possible values for this attribute, see Remarks.

ObjectClass String False SplitDataByRow

The list of classes from which this class is derived.

Member String False DelimitedData

The list of users that belong to the group.

NTGroupMembers String False DelimitedData

This attribute is not used.

OperatorCount String False DelimitedData

Operator count.

AdminCount String False DelimitedData

Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively).

GroupAttributes String False DelimitedData

The Group-Attributes attribute is not currently used.

GroupMembershipSAM String False DelimitedData

Windows NT Security. Down level Windows NT support.

ControlAccessRights String False DelimitedData

Used by DS Security to determine which users can perform specific operations on the host object.

DesktopProfile String False DelimitedData

The location of the desktop profile for a user or group of users. Not used.

NonSecurityMember String False DelimitedData

Nonsecurity members of a group. Used for Exchange distribution lists.

ManagedBy String False DelimitedData

The distinguished name of the user that is assigned to manage this object.

PrimaryGroupToken String False DelimitedData

A computed attribute that is used in retrieving the membership list of a group, such as Domain Users. The complete membership of such groups is not stored explicitly for scaling reasons.

Mail String False DelimitedData

The list of email addresses for a contact.


Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.

Name Type Description
Filter String

Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause.

Copyright (c) 2023 CData Software, Inc. - All rights reserved.
Build 22.0.8462