The CData Sync App provides a straightforward way to continuously pipeline your LDAP data to any database, data lake, or data warehouse, making it easily available for Analytics, Reporting, AI, and Machine Learning.
The LDAP connector can be used from the CData Sync application to pull data from LDAP and move it to any of the supported destinations.
The Sync App models LDAP 2 and 3 objects as bidirectional tables. The Sync App is a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs.
For required properties, see the Settings tab.
For connection properties that are not typically required, see the Advanced tab.
The CData driver for the LDAP supports connecting to LDAP server objects. To connect, set the required properties.
Optional properties can be used to further refine control of the returned results.
To authenticate requests, set the User and Password properties to valid LDAP credentials. For example: set User to Domain\\BobF or cn=Bob F,ou=Employees,dc=Domain.
The AuthMechanism properties for the Sync App are as follows:
By default, the driver uses plaintext when communicating with the server set to port=389. The driver automatically switches to use SSL when talking to the LDAP on port=636. You can force the connection to use the SSL connection property when set to SSL=TRUE.
The Sync App surfaces the columns most often needed from LDAP entities. However, if you need to work with other data, the tables are easy to modify. Tables are defined in schema files, which have a simple format.
See Working with LDAP Tables for a guide to extending the default schemas or writing your own. To use custom schemas, set the Location property to the folder containing the schema files. For more on tables and views, see Data Model.
The Sync App includes table schemas for many standard LDAP objects. You can easily extend the included table schemas to edit column behavior or you can write your own from scratch.
Table schemas are defined in .rsd files, which are simple configuration files. This section will walk through different parts of the schema, adding several columns to the Person table as an example.
You can find the Person.rsd file in the db subfolder in the installation folder of the CData Sync App.
To use custom schemas, set the Location property to the folder containing the schema files.
It is important to define a new table with the same name as the object class that the table will represent. This will allow the Sync App to search for only the desired object class when querying the LDAP server. The file name defines the table name.
There are a few columns that every table should include, regardless of the object class:
<rsb:script xmlns:rsb="http://www.rssbus.com/ns/rsbscript/2">
<rsb:info title="Person" description="Create, update, delete, and query person entries in Active Directory.">
<!-- Required Columns -->
<attr name="Id" xs:type="string" readonly="true" key="true" />
<attr name="DN" xs:type="string" readonly="true" required="false" other:ldaptype="OID" />
<attr name="RDN" xs:type="string" readonly="true" required="false" other:ldaptype="Directory String" />
<attr name="BaseDN" xs:type="string" readonly="true" required="false" other:ldaptype="OID" />
Note: The title attribute of the rsb:info block must match the name of the .rsd file.
Each column requires at least name and xs:type attributes. Additionally, you will need to specify dataFormat to decide how data is returned from the table. For example:
<!-- Person Required Attributes -->
<attr name="ObjectClass" other:dataFormat="splitDataByRow" xs:type="string" readonly="false" required="false" other:ldaptype="OID" />
<attr name="SN" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="CN" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<!-- Person Optional Attributes -->
<attr name="UserPassword" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Binary" />
<attr name="TelephoneNumber" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="SeeAlso" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="DN" />
<attr name="Description_1" other:dataFormat="splitDataByCol" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="Description_2" other:dataFormat="splitDataByCol" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="Description_3" other:dataFormat="splitDataByCol" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
The other:dataFormat attribute has three options:
delimitedData: Return multiple LDAP attribute values as delimited strings, separated by the delimiter character defined in the Table Settings section of the .rsd file, detailed later.
This is the default format in which to retrieve data and the delimiter defaults to a semicolon.
The code below can be used to split the different values of the ObjectClass attributes into their own rows and Description attributes into their own columns. Notice the column definition now includes multiple columns for the Description attribute. Also note the other:dataFormat attribute for the attr.
...
<attr name="ObjectClass" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="OID" />
<attr name="SN" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="CN" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="UserPassword" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Binary" />
<attr name="TelephoneNumber" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="SeeAlso" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="DN" />
<attr name="Description_1" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="Description_2" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
<attr name="Description_3" other:dataFormat="delimitedData" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" />
</rsb:info>
<!-- Table Settings -->
<rsb:set attr="delimiter" value=";"/>
...
An example result will look like:
| Id | DN | ObjectClass | SN | CN | UserPassword | TelephoneNumber | SeeAlso | Description_1 | Description_2 | Description_3 |
| 1|CN=User1,DC=Test | CN=User1,DC=Test | Top | TestSN | User1 | 555-5555 | A;B;C | Desc1 | Desc2 | Desc3 | |
| 2|CN=User1,DC=Test | CN=User1,DC=Test | User | TestSN | User1 | 555-5555 | A;B;C | Desc1 | Desc2 | Desc3 |
In addition to data format on inputs, encoding can also be specified. Currently, returning data with UTF8 encoding or BASE64 encoding is supported. In order to retrieve data with a specified encoding, the other:encoding field must be specified for the desired attribute to be encoded. If no encoding is specified, UTF8 is the default.
An example of specifying encoding for an attribute:
...
<attr name="ObjectClass" other:dataFormat="delimitedData" other:encoding="UTF8" xs:type="string" readonly="false" required="false" other:ldaptype="OID" desc="The object class of the entry."/>
<attr name="SN" other:dataFormat="delimitedData" other:encoding="BASE64" xs:type="string" readonly="false" required="false" other:ldaptype="Directory String" desc="The surname of the person."/>
...
Optionally, there are two attributes that can be used to control how filtering is handled when using the driver with SupportEnhancedSQL. The other:ldaptype attribute can be used to set the LDAP syntax of a field. This is used to determine the comparison operators that are supported server-side on a per-field basis. For example, if a field is marked as the type 'DN' and a query filtering for a substring (i.e., CONTAINS), which is not supported server-side, the driver will instead process this part of the filter entirely client-side. The supported type names are found in section 4.3.2 of RFC 2252. If you are unsure of the type or just want to disable server-side filtering for a given column entirely, the other:filterable attribute is also available. Setting this to false for the field will prevent this from ever being sent to the server in a filter, overriding the other:ldaptype attribute entirely.
In addition to the attributes and inputs, you will need to specify the delimiter.
The delimiter specifies the character that will be used for delimited data. Delimited data will be returned for any attribute that appears multiple times for a single object (unless otherwise specified in other:dataFormat).
For example, the code below will concatenate multiple values of an attribute using the ';' character.
...
</rsb:info>
<!-- Table Settings -->
<rsb:set attr="delimiter" value=";"/>
...
Operation definitions will remain exactly the same for all newly created tables: Simply copy and paste these from an existing table, as needed.
<!-- Operation definitions -->
<rsb:script method="GET">
<rsb:set attr="action" value="Get" />
<rsb:call op="ldapadoLDAP" >
<rsb:push />
</rsb:call>
</rsb:script>
<rsb:script method="POST">
<rsb:set attr="action" value="Post" />
<rsb:call op="ldapadoLDAP" >
<rsb:push item="toout"/>
</rsb:call>
</rsb:script>
<rsb:script method="MERGE">
<rsb:set attr="action" value="Merge" />
<rsb:call op="ldapadoLDAP" >
<rsb:push />
</rsb:call>
</rsb:script>
<rsb:script method="DELETE">
<rsb:set attr="action" value="Delete" />
<rsb:call op="ldapadoLDAP" >
<rsb:push />
</rsb:call>
</rsb:script>
This section details a selection of advanced features of the LDAP Sync App.
The Sync App allows you to define virtual tables, called user defined views, whose contents are decided by a pre-configured query. These views are useful when you cannot directly control queries being issued to the drivers. See User Defined Views for an overview of creating and configuring custom views.
Use SSL Configuration to adjust how Sync App handles TLS/SSL certificate negotiations. You can choose from various certificate formats; see the SSLServerCert property under "Connection String Options" for more information.
Configure the Sync App for compliance with Firewall and Proxy, including Windows proxies. You can also set up tunnel connections.
The Sync App offloads as much of the SELECT statement processing as possible to LDAP and then processes the rest of the query in memory (client-side).
See Query Processing for more information.
See Logging for an overview of configuration settings that can be used to refine CData logging. For basic logging, you only need to set two connection properties, but there are numerous features that support more refined logging, where you can select subsets of information to be logged using the LogModules connection property.
By default, the Sync App attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.
To specify another certificate, see the SSLServerCert property for the available formats to do so.
Set the following properties:
The CData Sync App models LDAP entities in relational tables and stored procedures.
The included Tables cover many standard LDAP object classes. You can easily extend the table schemas to map more closely to your LDAP classes. The schemas are defined in simple configuration files. The schemas shipped with the Sync App are located in the db subfolder of the installation directory.
See Working with LDAP Tables for a guide to customizing table schemas.
To use custom tables and schemas, set the Location property to the folder containing the schema files.
The Sync App models the data in LDAP as a list of tables in a relational database that can be queried using standard SQL statements.
| Name | Description |
| Group | Stores a list of user names. Used to apply security principals on resources. |
| OrganizationalPerson | This class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on. |
| Person | Contains personal information about a user. |
| Top | The top level class from which all classes are derived. |
| User | This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors. |
Stores a list of user names. Used to apply security principals on resources.
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the Sync App. For example, the following query is processed by LDAP:
SELECT * FROM Group WHERE GroupType != '-2147483644' AND ObjectClass = 'top;group' LIMIT 5
To add a Group, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO Group (RDN, ObjectClass) VALUES ('CN=Domain Admins', 'group')
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE Group SET Member = 'CN=SUPPORT_388945a0,CN=Users,DC=MyDC' WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
Groups can be deleted by providing the Id of the Group in a DELETE statement. For example:
DELETE FROM Group WHERE Id = '1|CN=HelpServicesGroup,CN=Users,DC=MyDC'
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
| DN | String | True |
The full distinguished name. | ||
| RDN | String | False |
The relative distinguished name. | ||
| BaseDN | String | True |
The base distinguished name. | ||
| GroupType | String | False | DelimitedData |
Contains a set of flags that define the type and scope of a group object. For the possible values for this attribute, see Remarks. | |
| ObjectClass | String | False | SplitDataByRow |
The list of classes from which this class is derived. | |
| Member | String | False | DelimitedData |
The list of users that belong to the group. | |
| NTGroupMembers | String | False | DelimitedData |
This attribute is not used. | |
| OperatorCount | String | False | DelimitedData |
Operator count. | |
| AdminCount | String | False | DelimitedData |
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). | |
| GroupAttributes | String | False | DelimitedData |
The Group-Attributes attribute is not currently used. | |
| GroupMembershipSAM | String | False | DelimitedData |
Windows NT Security. Down level Windows NT support. | |
| ControlAccessRights | String | False | DelimitedData |
Used by DS Security to determine which users can perform specific operations on the host object. | |
| DesktopProfile | String | False | DelimitedData |
The location of the desktop profile for a user or group of users. Not used. | |
| NonSecurityMember | String | False | DelimitedData |
Nonsecurity members of a group. Used for Exchange distribution lists. | |
| ManagedBy | String | False | DelimitedData |
The distinguished name of the user that is assigned to manage this object. | |
| PrimaryGroupToken | String | False | DelimitedData |
A computed attribute that is used in retrieving the membership list of a group, such as Domain Users. The complete membership of such groups is not stored explicitly for scaling reasons. | |
| String | False | DelimitedData |
The list of email addresses for a contact. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |
This class is used for objects that contain organizational information about a user, such as the employee number, department, manager, title, office address, and so on.
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the Sync App. For example, the following query is processed by LDAP:
SELECT * FROM OrganizationalPerson WHERE CN != 'NewUser' AND BaseDN = 'CN=Users,DC=MyDC' LIMIT 5
To add a OrganizationalPerson, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO OrganizationalPerson (RDN, ObjectClass) VALUES ('CN=NewUser', 'top;person;organizationalPerson;user;inetOrgPerson')
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE OrganizationalPerson SET Description = 'desc' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
OrganizationalPersons can be deleted by providing the Id of the OrganizationalPerson in a DELETE statement. For example:
DELETE FROM OrganizationalPerson WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
| DN | String | True |
The full distinguished name. | ||
| RDN | String | False |
The relative distinguished name. | ||
| BaseDN | String | True |
The base distinguished name. | ||
| ObjectClass | String | False | DelimitedData |
The list of classes from which this class is derived. | |
| SN | String | False | DelimitedData |
This attribute contains the family or last name for a user. | |
| CN | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
| UserPassword | String | False | DelimitedData |
The user's password in UTF-8 format. This is a write-only attribute. | |
| TelephoneNumber | String | False | DelimitedData |
The primary telephone number. | |
| SeeAlso | String | False | DelimitedData |
List of distinguished names that are related to an object. | |
| Description | String | False | DelimitedData |
Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. | |
| Title | String | False | DelimitedData |
Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. | |
| X121Address | String | False | DelimitedData |
The X.121 address for an object. | |
| RegisteredAddress | String | False | DelimitedData |
Specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country/region in which the city is located and is used in the provision of the Public Telegram Service. | |
| DestinationIndicator | String | False | DelimitedData |
This is part of the X.500 specification and not used by NTDS. | |
| PreferredDeliveryMethod | String | False | DelimitedData |
The X.500-preferred way to deliver to addressee. | |
| TelexNumber | String | False | DelimitedData |
A list of alternate telex numbers. | |
| TeletexTerminalIdentifier | String | False | DelimitedData |
Specifies the Teletex terminal identifier and, optionally, parameters, for a teletex terminal associated with an object. | |
| InternationalISDNNumber | String | False | DelimitedData |
Specifies an International ISDN Number associated with an object. | |
| FacsimileTelephoneNumber | String | False | DelimitedData |
Contains telephone number of the user's business fax machine. | |
| Street | String | False | DelimitedData |
The street address. | |
| PostOfficeBox | String | False | DelimitedData |
The post office box number for this object. | |
| PostalCode | String | False | DelimitedData |
The postal or zip code for mail delivery. | |
| PostalAddress | String | False | DelimitedData |
The mailing address for the object. | |
| PhysicalDeliveryOfficeName | String | False | DelimitedData |
Contains the office location in the user's place of business. | |
| OU | String | False | DelimitedData |
The name of the organizational unit. | |
| ST | String | False | DelimitedData |
The name of a user's state or province. | |
| L | String | False | DelimitedData |
Represents the name of a locality, such as a town or city. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |
Contains personal information about a user.
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the Sync App. For example, the following query is processed by LDAP:
SELECT * FROM Person WHERE ObjectClass = 'top' AND CN LIKE '%NewUser%' LIMIT 5
To add a Person, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO Person (RDN, ObjectClass) VALUES ('CN=Domain Admins', 'Person')
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE Person SET Description = 'desc' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Person rows can be deleted by providing the Id of the Person in a DELETE statement. For example:
DELETE FROM Person WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
| DN | String | True |
The full distinguished name. | ||
| RDN | String | False |
The relative distinguished name. | ||
| BaseDN | String | True |
The base distinguished name. | ||
| ObjectClass_1 | String | False | SplitDataByCol |
The list of classes from which this class is derived. | |
| ObjectClass_2 | String | False | SplitDataByCol |
The list of classes from which this class is derived. | |
| ObjectClass_3 | String | False | SplitDataByCol |
The list of classes from which this class is derived. | |
| ObjectClass_4 | String | False | SplitDataByCol |
The list of classes from which this class is derived. | |
| SN | String | False | DelimitedData |
This attribute contains the family or last name for a user. | |
| CN | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
| UserPassword | String | False | DelimitedData |
The user's password in UTF-8 format. This is a write-only attribute. | |
| TelephoneNumber | String | False | DelimitedData |
The primary telephone number. | |
| SeeAlso | String | False | SplitDataByRow |
List of distinguished names that are related to an object. | |
| Description | String | False | DelimitedData |
Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |
The top level class from which all classes are derived.
All columns support server-side processing for the following operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the Sync App. For example, the following query is processed by LDAP:
SELECT * FROM Top WHERE CN != 'NewUser' AND BaseDN = 'CN=Users,DC=MyDC' LIMIT 5
To add a Top record, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO Top (RDN, ObjectClass) VALUES ('CN=NewUser', 'top;person;organizationalPerson;user;inetOrgPerson')
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE Top SET Description = 'test' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Top records can be deleted by providing the Id of the Top record in a DELETE statement. For example:
DELETE FROM Top WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
| DN | String | True |
The full distinguished name. | ||
| RDN | String | False |
The relative distinguished name. | ||
| BaseDN | String | True |
The base distinguished name. | ||
| ObjectClass | String | False | DelimitedData |
The list of classes from which this class is derived. | |
| SN | String | False | DelimitedData |
This attribute contains the family or last name for a user. | |
| CN | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
| GroupType | String | False | DelimitedData |
Contains a set of flags that define the type and scope of a group object. | |
| MemberOf | String | False | DelimitedData |
The distinguished name of the groups to which this object belongs. | |
| DC | String | False | DelimitedData |
The attribute DC for the Domain object class. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |
This class is used to store information about an employee or contractor who works for an organization. It is also possible to apply this class to long term visitors.
All columns support server-side processing for the operators =, >= , <=, !=, LIKE, AND, and OR. Other filters are executed client side within the Sync App. For example, the following query is processed by LDAP:
SELECT * FROM User WHERE Title LIKE '%abc%' AND AdminCount != '1' LIMIT 5
To add a User, all fields can be specified except Id, DN, and BaseDN. Required fields that should be provided are RDN and ObjectClass. For example:
INSERT INTO [User] (RDN, ObjectClass) VALUES ('CN=TestUser', 'Top; Person; OrganizationalPerson; User')
All columns except Id, DN, and BaseDN can be updated by providing the Id in the WHERE clause. For example:
UPDATE User SET PostalCode = '94042' WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
Users can be deleted by providing the Id of the User in a DELETE statement. For example:
DELETE FROM User WHERE Id = '1|CN=NewUser,CN=Users,DC=MyDC'
| Name | Type | ReadOnly | References | DataFormat | Description |
| Id [KEY] | String | True |
Combined index and DN. Multiple indices are only possible when a column is set to SplitDataByRow. | ||
| DN | String | True |
The full distinguished name. | ||
| RDN | String | False |
The relative distinguished name. | ||
| BaseDN | String | True |
The base distinguished name. | ||
| ObjectClass | String | False | DelimitedData |
The list of classes from which this class is derived. | |
| SN | String | False | DelimitedData |
This attribute contains the family or last name for a user. | |
| CN | String | False | DelimitedData |
The name that represents an object. Used to perform searches. | |
| UserPassword | String | False | DelimitedData |
The user's password in UTF-8 format. This is a write-only attribute. | |
| TelephoneNumber | String | False | DelimitedData |
The primary telephone number. | |
| SeeAlso | String | False | DelimitedData |
List of distinguished names that are related to an object. | |
| Description | String | False | DelimitedData |
Contains the description to display for an object. This value is restricted as single-valued for backward compatibility in some cases but is allowed to be multi-valued in others. See Remarks. | |
| Title | String | False | DelimitedData |
Contains the user's job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. | |
| X121Address | String | False | DelimitedData |
The X.121 address for an object. | |
| RegisteredAddress | String | False | DelimitedData |
Specifies a mnemonic for an address associated with an object at a particular city location. The mnemonic is registered in the country/region in which the city is located and is used in the provision of the Public Telegram Service. | |
| DestinationIndicator | String | False | DelimitedData |
This is part of the X.500 specification and not used by NTDS. | |
| PreferredDeliveryMethod | String | False | DelimitedData |
The X.500-preferred way to deliver to addressee. | |
| TelexNumber | String | False | DelimitedData |
A list of alternate telex numbers. | |
| TeletexTerminalIdentifier | String | False | DelimitedData |
Specifies the Teletex terminal identifier and, optionally, parameters, for a teletex terminal associated with an object. | |
| InternationalISDNNumber | String | False | DelimitedData |
Specifies an International ISDN Number associated with an object. | |
| FacsimileTelephoneNumber | String | False | DelimitedData |
Contains telephone number of the user's business fax machine. | |
| Street | String | False | DelimitedData |
The street address. | |
| PostOfficeBox | String | False | DelimitedData |
The post office box number for this object. | |
| PostalCode | String | False | DelimitedData |
The postal or zip code for mail delivery. | |
| PostalAddress | String | False | DelimitedData |
The mailing address for the object. | |
| PhysicalDeliveryOfficeName | String | False | DelimitedData |
Contains the office location in the user's place of business. | |
| OU | String | False | DelimitedData |
The name of the organizational unit. | |
| ST | String | False | DelimitedData |
The name of a user's state or province. | |
| L | String | False | DelimitedData |
Represents the name of a locality, such as a town or city. | |
| UserCertificate | String | False | DelimitedData |
Contains the DER-encoded X.509v3 certificates issued to the user. Note that this property contains the public key certificates issued to this user by Microsoft Certificate Service. | |
| NetworkAddress | String | False | DelimitedData |
The TCP/IP address for a network segment. Also called the subnet address. | |
| UserAccountControl | String | False | DelimitedData |
Flags that control the behavior of the user account. | |
| BadPwdCount | String | False | DelimitedData |
The number of times the user tried to log on to the account using an incorrect password. A value of 0 indicates that the value is unknown. | |
| CodePage | String | False | DelimitedData |
Specifies the code page for the user's language of choice. This value is not used by Windows 2000. | |
| HomeDirectory | String | False | DelimitedData |
The home directory for the account. If homeDrive is set and specifies a drive letter, homeDirectory must be a UNC path. Otherwise, homeDirectory is a fully qualified local path including the drive letter (for example, DriveLetter:\Directory\Folder). This value can be a null string. | |
| HomeDrive | String | False | DelimitedData |
Specifies the drive letter to which to map the UNC path specified by homeDirectory. The drive letter must be specified in the form DriveLetter: where DriveLetter is the letter of the drive to map. The DriveLetter must be a single, uppercase letter and the colon (:) is required. | |
| BadPasswordTime | Datetime | False | DelimitedData |
The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the last time a incorrect password was used is unknown. | |
| LastLogoff | String | False | DelimitedData |
This attribute is not used. | |
| LastLogon | Datetime | False | DelimitedData |
The last time the user logged on. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown. | |
| DBCSPwd | String | False | DelimitedData |
The account's LAN Manager password. | |
| LocaleID | String | False | DelimitedData |
This attribute contains a list of locale IDs supported by this application. A locale ID represents a geographic location, such as a country/region, city, county, and so on. | |
| ScriptPath | String | False | DelimitedData |
This attribute specifies the path for the user's logon script. The string can be null. | |
| LogonHours | String | False | DelimitedData |
The hours that the user is allowed to logon to the domain. | |
| LogonWorkstation | String | False | DelimitedData |
This attribute is not used. See the User-Workstations attribute. | |
| MaxStorage | String | False | DelimitedData |
The maximum amount of disk space the user can use. Use the value specified in USER_MAXSTORAGE_UNLIMITED to use all available disk space. | |
| UserWorkstations | String | False | DelimitedData |
Contains the NetBIOS or DNS names of the computers running Windows NT Workstation or Windows 2000 Professional from which the user can log on. Each NetBIOS name is separated by a comma. Multiple names should be separated by commas. | |
| UnicodePwd | String | False | DelimitedData |
The password of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. This property is used only by the operating system. Note that you cannot derive the clear password back from the OWF form of the password. | |
| OtherLoginWorkstations | String | False | DelimitedData |
Non-Windows NT or LAN Manager workstations from which a user can log on. | |
| NtPwdHistory | String | False | DelimitedData |
The password history of the user in Windows NT one-way format (OWF). Windows 2000 uses the Windows NT OWF. | |
| PwdLastSet | Datetime | False | DelimitedData |
The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100 nanosecond INTEGERs since January 1, 1601 (UTC). If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. | |
| PreferredOU | String | False | DelimitedData |
The Organizational Unit to show by default on user' s desktop. | |
| PrimaryGroupID | String | False | DelimitedData |
Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. | |
| UserParameters | String | False | DelimitedData |
Parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data specific to the individual program. | |
| ProfilePath | String | False | DelimitedData |
Specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path. | |
| OperatorCount | String | False | DelimitedData |
Operator count. | |
| AdminCount | String | False | DelimitedData |
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). | |
| AccountExpires | Datetime | False | DelimitedData |
The date when the account expires. This value represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires. | |
| LmPwdHistory | String | False | DelimitedData |
The password history of the user in LAN Manager (LM) one-way format (OWF). The LM OWF is used for compatibility with LAN Manager 2.x clients, Windows 95, and Windows 98. | |
| GroupMembershipSAM | String | False | DelimitedData |
Windows NT Security. Down level Windows NT support. | |
| LogonCount | String | False | DelimitedData |
The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown. | |
| ControlAccessRights | String | False | DelimitedData |
Used by DS Security to determine which users can perform specific operations on the host object. | |
| DefaultClassStore | String | False | DelimitedData |
The default Class Store for a given user. | |
| GroupsToIgnore | String | False | DelimitedData |
The Groups-to-Ignore attribute is not currently used. | |
| GroupPriority | String | False | DelimitedData |
The Group-Priority attribute is not currently used. | |
| DesktopProfile | String | False | DelimitedData |
The location of the desktop profile for a user or group of users. Not used. | |
| DynamicLDAPServer | String | False | DelimitedData |
DNS name of server handing dynamic properties for this account. | |
| UserPrincipalName | String | False | DelimitedData |
This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user's ID and the domain name. For more information about this attribute, see User Naming Attributes. | |
| LockoutTime | Datetime | False | DelimitedData |
The date and time (UTC) that this account was locked out. This value is stored as a large integer that represents the number of 100-nanosecond INTEGERs since January 1, 1601 (UTC). A value of zero means that the account is not currently locked out. | |
| UserSharedFolder | String | False | DelimitedData |
Specifies a UNC path to the user's shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. | |
| UserSharedFolderOther | String | False | DelimitedData |
Specifies a UNC path to the user's additional shared documents folder. The path must be a network UNC path of the form \\Server\Share\Directory. This value can be a null string. | |
| ServicePrincipalName | String | False | DelimitedData |
List of principal names used for mutual authentication with an instance of a service on this computer. | |
| ACSPolicyName | String | False | DelimitedData |
String name of an ACS policy that applies to this user. | |
| TerminalServer | String | False | DelimitedData |
Opaque data used by the Windows NT terminal server. | |
| MSMQSignCertificates | String | False | DelimitedData |
This attribute contains a number of certificates. A user can generate a certificate per computer. For each certificate we also keep a digest. | |
| MSMQDigests | String | False | DelimitedData |
An array of digests of the corresponding certificates in attribute mSMQ-Sign-Certificates. They are used for mapping a digest into a certificate. | |
| MSMQDigestsMig | String | False | DelimitedData |
In MSMQ mixed-mode, contains the previous value of mSMQDigests. | |
| MSMQSignCertificatesMig | String | False | DelimitedData |
In MSMQ mixed-mode, the attribute contains the previous value of mSMQSignCertificates. MSMQ supports migration from the MSMQ 1.0 DS to the Windows 2000 DS, and mixed mode specifies a state in which some of the DS severs were not upgraded to Windows 2000. | |
| MsNPAllowDialin | String | False | DelimitedData |
Indicates whether the account has permission to dial in to the RAS server. Do not modify this value directly. Use the appropriate RAS administration function to modify this value. | |
| MsNPCallingStationID | String | False | DelimitedData |
The msNPCallingStationID attribute is used internally. Do not modify this value directly. | |
| MsNPSavedCallingStationID | String | False | DelimitedData |
The msNPSavedCallingStationID attribute is used internally. Do not modify this value directly. | |
| MsRADIUSCallbackNumber | String | False | DelimitedData |
The msRADIUSCallbackNumber attribute is used internally. Do not modify this value directly. | |
| MsRADIUSFramedIPAddress | String | False | DelimitedData |
The msRADIUSFramedIPAddress attribute is used internally. Do not modify this value directly. | |
| MsRADIUSFramedRoute | String | False | DelimitedData |
The msRADIUSFramedRoute attribute is used internally. Do not modify this value directly. | |
| MsRADIUSServiceType | String | False | DelimitedData |
The msRADIUSServiceType attribute is used internally. Do not modify this value directly. | |
| MsRASSavedCallbackNumber | String | False | DelimitedData |
The msRASSavedCallbackNumber attribute is used internally. Do not modify this value directly. | |
| MsRASSavedFramedIPAddress | String | False | DelimitedData |
The msRASSavedFramedIPAddress attribute is used internally. Do not modify this value directly. | |
| MsRASSavedFramedRoute | String | False | DelimitedData |
The msRASSavedFramedRoute attribute is used internally. Do not modify this value directly. | |
| MS-DS-CreatorSID | String | False | DelimitedData |
The security ID of the creator of the object that contains this attribute. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Filter | String |
Defines the LDAP filter explicitly, overriding any other values set in the WHERE clause. |
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Establishing a Connection.
| Property | Description |
| Server | The domain name or IP of the LDAP server. |
| Port | The port the LDAP server is running on. |
| User | The distinguished name of a user. |
| Password | The password for the distinguished name of the specified user. |
| BaseDN | The base portion of the distinguished name, used for limiting results to specific subtrees. |
| UseSSL | Whether or not to use SSL to connect to the server. |
| LDAPVersion | The LDAP version used to connect to and communicate with the server. |
| AuthMechanism | The authentication mechanism to be used when connecting to the LDAP server. |
| Scope | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only). |
| DNAttributeFilter | Whether to use distinguishedName or entryDN as the DN attribute name to use for filters. |
| Property | Description |
| SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
| Property | Description |
| FirewallType | The protocol used by a proxy-based firewall. |
| FirewallServer | The name or IP address of a proxy-based firewall. |
| FirewallPort | The TCP port for a proxy-based firewall. |
| FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
| FirewallPassword | A password used to authenticate to a proxy-based firewall. |
| Property | Description |
| LogModules | Core modules to be included in the log file. |
| Property | Description |
| Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
| BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
| Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC. |
| Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC. |
| Property | Description |
| FollowReferrals | Whether or not to follow LDAP referrals returned by the LDAP server. |
| FriendlyGUID | Whether to return GUID attribute values in a human readable format. |
| FriendlySID | Whether to return SID attribute values in a human readable format. |
| MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
| Other | These hidden properties are used only in specific use cases. |
| PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
| Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
| UserDefinedViews | A filepath pointing to the JSON configuration file containing your custom views. |
This section provides a complete list of the Authentication properties you can configure in the connection string for this provider.
| Property | Description |
| Server | The domain name or IP of the LDAP server. |
| Port | The port the LDAP server is running on. |
| User | The distinguished name of a user. |
| Password | The password for the distinguished name of the specified user. |
| BaseDN | The base portion of the distinguished name, used for limiting results to specific subtrees. |
| UseSSL | Whether or not to use SSL to connect to the server. |
| LDAPVersion | The LDAP version used to connect to and communicate with the server. |
| AuthMechanism | The authentication mechanism to be used when connecting to the LDAP server. |
| Scope | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only). |
| DNAttributeFilter | Whether to use distinguishedName or entryDN as the DN attribute name to use for filters. |
The domain name or IP of the LDAP server.
Specify the server's domain name or IP address in this property. This value does not need to include the LDAP:\\ portion, only the server domain name or IP.
The port the LDAP server is running on.
The port the LDAP server is running on. Together with Server, this property is used to specify the LDAP server.
The distinguished name of a user.
Together with Password, this field is used to authenticate against the LDAP server.
The password for the distinguished name of the specified user.
Together with User, this field is used to authenticate against the LDAP server.
The base portion of the distinguished name, used for limiting results to specific subtrees.
Specifying a base DN may greatly improve performance when returning entries for large servers by limiting the number of entries that need to be examined.
Whether or not to use SSL to connect to the server.
Whether or not to use SSL to connect to the server. Note that a port of 636 will always use SSL.
The LDAP version used to connect to and communicate with the server.
Set this property to 2 or 3. The Sync App is a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs.
The authentication mechanism to be used when connecting to the LDAP server.
By default, AuthMechanism is set to SIMPLE, and default plaintext authentication is used to log in to the server. If AuthMechanism is set to NEGOTIATE, NTLM/NEGOTIATE authentication will be used.
Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).
Limiting scope can greatly improve search performance. Set Scope to one of the following values:
Whether to use distinguishedName or entryDN as the DN attribute name to use for filters.
Whether to use distinguishedName or entryDN as the DN attribute name to use for filters.
This section provides a complete list of the SSL properties you can configure in the connection string for this provider.
| Property | Description |
| SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
The certificate to be accepted from the server when connecting using TLS/SSL.
If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.
This property can take the following forms:
| Description | Example |
| A full PEM Certificate (example shortened for brevity) | -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- |
| A path to a local file containing the certificate | C:\cert.cer |
| The public key (example shortened for brevity) | -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- |
| The MD5 Thumbprint (hex values can also be either space or colon separated) | ecadbdda5a1529c58a1e9e09828d70e4 |
| The SHA1 Thumbprint (hex values can also be either space or colon separated) | 34a929226ae0819f2ec14b4a3d904f801cbb150d |
If not specified, any certificate trusted by the machine is accepted.
Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.
This section provides a complete list of the Firewall properties you can configure in the connection string for this provider.
| Property | Description |
| FirewallType | The protocol used by a proxy-based firewall. |
| FirewallServer | The name or IP address of a proxy-based firewall. |
| FirewallPort | The TCP port for a proxy-based firewall. |
| FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
| FirewallPassword | A password used to authenticate to a proxy-based firewall. |
The protocol used by a proxy-based firewall.
This property specifies the protocol that the Sync App will use to tunnel traffic through the FirewallServer proxy.
| Type | Default Port | Description |
| TUNNEL | 80 | When this is set, the Sync App opens a connection to LDAP and traffic flows back and forth through the proxy. |
| SOCKS4 | 1080 | When this is set, the Sync App sends data through the SOCKS 4 proxy specified by FirewallServer and FirewallPort and passes the FirewallUser value to the proxy, which determines if the connection request should be granted. |
| SOCKS5 | 1080 | When this is set, the Sync App sends data through the SOCKS 5 proxy specified by FirewallServer and FirewallPort. If your proxy requires authentication, set FirewallUser and FirewallPassword to credentials the proxy recognizes. |
The name or IP address of a proxy-based firewall.
This property specifies the IP address, DNS name, or host name of a proxy allowing traversal of a firewall. The protocol is specified by FirewallType: Use FirewallServer with this property to connect through SOCKS or do tunneling.
The TCP port for a proxy-based firewall.
This specifies the TCP port for a proxy allowing traversal of a firewall. Use FirewallServer to specify the name or IP address. Specify the protocol with FirewallType.
The user name to use to authenticate with a proxy-based firewall.
The FirewallUser and FirewallPassword properties are used to authenticate against the proxy specified in FirewallServer and FirewallPort, following the authentication method specified in FirewallType.
A password used to authenticate to a proxy-based firewall.
This property is passed to the proxy specified by FirewallServer and FirewallPort, following the authentication method specified by FirewallType.
This section provides a complete list of the Logging properties you can configure in the connection string for this provider.
| Property | Description |
| LogModules | Core modules to be included in the log file. |
Core modules to be included in the log file.
Only the modules specified (separated by ';') will be included in the log file. By default all modules are included.
See the Logging page for an overview.
This section provides a complete list of the Schema properties you can configure in the connection string for this provider.
| Property | Description |
| Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
| BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
| Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC. |
| Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC. |
A path to the directory that contains the schema files defining tables, views, and stored procedures.
The path to a directory which contains the schema files for the Sync App (.rsd files for tables and views, .rsb files for stored procedures). The folder location can be a relative path from the location of the executable. The Location property is only needed if you want to customize definitions (for example, change a column name, ignore a column, and so on) or extend the data model with new tables, views, or stored procedures.
If left unspecified, the default location is "%APPDATA%\\CData\\LDAP Data Provider\\Schema" with %APPDATA% being set to the user's configuration directory:
| Platform | %APPDATA% |
| Windows | The value of the APPDATA environment variable |
| Linux | ~/.config |
This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
Listing the schemas from databases can be expensive. Providing a list of schemas in the connection string improves the performance.
This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC.
Listing the tables from some databases can be expensive. Providing a list of tables in the connection string improves the performance of the Sync App.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC.
Listing the views from some databases can be expensive. Providing a list of views in the connection string improves the performance of the Sync App.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
This section provides a complete list of the Miscellaneous properties you can configure in the connection string for this provider.
| Property | Description |
| FollowReferrals | Whether or not to follow LDAP referrals returned by the LDAP server. |
| FriendlyGUID | Whether to return GUID attribute values in a human readable format. |
| FriendlySID | Whether to return SID attribute values in a human readable format. |
| MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses. |
| Other | These hidden properties are used only in specific use cases. |
| PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
| Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
| UserDefinedViews | A filepath pointing to the JSON configuration file containing your custom views. |
Whether or not to follow LDAP referrals returned by the LDAP server.
When following referrals, you will only be able to return data from the referral servers. INSERT/UPDATE/DELETE will not be available without updating the connection string to connect directly to that server.
Whether to return GUID attribute values in a human readable format.
When inspecting object attributes this setting determines whether GUID attributes such as "objectGUID" are returned as binary objects or converted into a human readable string such as "708d9374-d64a-49b2-97ea-489ddc717703". When set to True a friendly string value is returned. When set to False (default) a base 64 encoded string of the binary object is returned.
Whether to return SID attribute values in a human readable format.
When inspecting object attributes this setting determines whether SID attributes such as "objectSid" are returned as binary objects or converted into a human readable string such as "S-1-5-21-4272240814-246508344-1325542772-12464". When set to True a friendly string value is returned. When set to False (default) a base 64 encoded string of the binary object is returned.
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This takes precedence over LIMIT clauses.
These hidden properties are used only in specific use cases.
The properties listed below are available for specific use cases. Normal driver use cases and functionality should not require these properties.
Specify multiple properties in a semicolon-separated list.
| DefaultColumnSize | Sets the default length of string fields when the data source does not provide column length in the metadata. The default value is 2000. |
| ConvertDateTimeToGMT | Determines whether to convert date-time values to GMT, instead of the local time of the machine. |
| RecordToFile=filename | Records the underlying socket data transfer to the specified file. |
This property indicates whether or not to include pseudo columns as columns to the table.
This setting is particularly helpful in Entity Framework, which does not allow you to set a value for a pseudo column unless it is a table column. The value of this connection setting is of the format "Table1=Column1, Table1=Column2, Table2=Column3". You can use the "*" character to include all tables and all columns; for example, "*=*".
The value in seconds until the timeout error is thrown, canceling the operation.
If Timeout = 0, operations do not time out. The operations run until they complete successfully or until they encounter an error condition.
If Timeout expires and the operation is not yet complete, the Sync App throws an exception.
A filepath pointing to the JSON configuration file containing your custom views.
User Defined Views are defined in a JSON-formatted configuration file called UserDefinedViews.json. The Sync App automatically detects the views specified in this file.
You can also have multiple view definitions and control them using the UserDefinedViews connection property. When you use this property, only the specified views are seen by the Sync App.
This User Defined View configuration file is formatted as follows:
For example:
{
"MyView": {
"query": "SELECT * FROM User WHERE MyColumn = 'value'"
},
"MyView2": {
"query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
}
}
Use the UserDefinedViews connection property to specify the location of your JSON configuration file. For example:
"UserDefinedViews", C:\Users\yourusername\Desktop\tmp\UserDefinedViews.jsonNote that the specified path is not embedded in quotation marks.