LDAP
Important Capabilities
| Capability | Status | Notes | 
|---|---|---|
| Detect Deleted Entities | ✅ | Enabled by default via stateful ingestion. | 
This plugin extracts the following:
- People
- Names, emails, titles, and manager information for each person
- List of groups
CLI based Ingestion
Starter Recipe
Check out the following recipe to get started with ingestion! See below for full configuration options.
For general pointers on writing and running a recipe, see our main recipe guide.
source:
  type: "ldap"
  config:
    # Coordinates
    ldap_server: ldap://localhost
    # Credentials
    ldap_user: "cn=admin,dc=example,dc=org"
    ldap_password: "admin"
    # Options
    base_dn: "dc=example,dc=org"
sink:
  # sink configs
Config Details
- Options
- Schema
Note that a . is used to denote nested fields in the YAML recipe.
| Field | Description | 
|---|---|
| base_dn ✅ string | LDAP DN. | 
| ldap_password ✅ string | LDAP password. | 
| ldap_server ✅ string | LDAP server URL. | 
| ldap_user ✅ string | LDAP user. | 
| drop_missing_first_last_name boolean | If set to true, any users without first and last names will be dropped. Default: True | 
| filter string | LDAP extractor filter. Default: (objectClass=*) | 
| group_attrs_map object | Default: {} | 
| manager_filter_enabled boolean | Use LDAP extractor filter to search managers. Default: True | 
| manager_pagination_enabled boolean | [deprecated] Use pagination_enabled Default: True | 
| page_size integer | Size of each page to fetch when extracting metadata. Default: 20 | 
| pagination_enabled boolean | Use pagination while do search query (enabled by default). Default: True | 
| platform_instance One of string, null | The instance of the platform that all assets produced by this recipe belong to. This should be unique within the platform. See https://docs.datahub.com/docs/platform-instances/ for more details. Default: None | 
| use_email_as_username boolean | Use email for users' usernames instead of username (disabled by default).             If enabled, the user and group urn would be having email as the id part of the urn. Default: False | 
| user_attrs_map object | Default: {} | 
| env string | The environment that all assets produced by this connector belong to Default: PROD | 
| attrs_list One of array, null | Retrieved attributes list Default: None | 
| attrs_list.string string | |
| custom_props_list One of array, null | A list of custom attributes to extract from the LDAP provider. Default: None | 
| custom_props_list.string string | |
| stateful_ingestion One of StatefulStaleMetadataRemovalConfig, null | Default: None | 
| stateful_ingestion.enabled boolean | Whether or not to enable stateful ingest. Default: True if a pipeline_name is set and either a datahub-rest sink or datahub_apiis specified, otherwise FalseDefault: False | 
| stateful_ingestion.fail_safe_threshold number | Prevents large amount of soft deletes & the state from committing from accidental changes to the source configuration if the relative change percent in entities compared to the previous state is above the 'fail_safe_threshold'. Default: 75.0 | 
| stateful_ingestion.remove_stale_metadata boolean | Soft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled. Default: True | 
The JSONSchema for this configuration is inlined below.
{
  "$defs": {
    "StatefulStaleMetadataRemovalConfig": {
      "additionalProperties": false,
      "description": "Base specialized config for Stateful Ingestion with stale metadata removal capability.",
      "properties": {
        "enabled": {
          "default": false,
          "description": "Whether or not to enable stateful ingest. Default: True if a pipeline_name is set and either a datahub-rest sink or `datahub_api` is specified, otherwise False",
          "title": "Enabled",
          "type": "boolean"
        },
        "remove_stale_metadata": {
          "default": true,
          "description": "Soft-deletes the entities present in the last successful run but missing in the current run with stateful_ingestion enabled.",
          "title": "Remove Stale Metadata",
          "type": "boolean"
        },
        "fail_safe_threshold": {
          "default": 75.0,
          "description": "Prevents large amount of soft deletes & the state from committing from accidental changes to the source configuration if the relative change percent in entities compared to the previous state is above the 'fail_safe_threshold'.",
          "maximum": 100.0,
          "minimum": 0.0,
          "title": "Fail Safe Threshold",
          "type": "number"
        }
      },
      "title": "StatefulStaleMetadataRemovalConfig",
      "type": "object"
    }
  },
  "additionalProperties": false,
  "description": "Config used by the LDAP Source.",
  "properties": {
    "env": {
      "default": "PROD",
      "description": "The environment that all assets produced by this connector belong to",
      "title": "Env",
      "type": "string"
    },
    "platform_instance": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "The instance of the platform that all assets produced by this recipe belong to. This should be unique within the platform. See https://docs.datahub.com/docs/platform-instances/ for more details.",
      "title": "Platform Instance"
    },
    "stateful_ingestion": {
      "anyOf": [
        {
          "$ref": "#/$defs/StatefulStaleMetadataRemovalConfig"
        },
        {
          "type": "null"
        }
      ],
      "default": null
    },
    "ldap_server": {
      "description": "LDAP server URL.",
      "title": "Ldap Server",
      "type": "string"
    },
    "ldap_user": {
      "description": "LDAP user.",
      "title": "Ldap User",
      "type": "string"
    },
    "ldap_password": {
      "description": "LDAP password.",
      "title": "Ldap Password",
      "type": "string"
    },
    "base_dn": {
      "description": "LDAP DN.",
      "title": "Base Dn",
      "type": "string"
    },
    "filter": {
      "default": "(objectClass=*)",
      "description": "LDAP extractor filter.",
      "title": "Filter",
      "type": "string"
    },
    "attrs_list": {
      "anyOf": [
        {
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Retrieved attributes list",
      "title": "Attrs List"
    },
    "custom_props_list": {
      "anyOf": [
        {
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "A list of custom attributes to extract from the LDAP provider.",
      "title": "Custom Props List"
    },
    "drop_missing_first_last_name": {
      "default": true,
      "description": "If set to true, any users without first and last names will be dropped.",
      "title": "Drop Missing First Last Name",
      "type": "boolean"
    },
    "page_size": {
      "default": 20,
      "description": "Size of each page to fetch when extracting metadata.",
      "title": "Page Size",
      "type": "integer"
    },
    "manager_filter_enabled": {
      "default": true,
      "description": "Use LDAP extractor filter to search managers.",
      "title": "Manager Filter Enabled",
      "type": "boolean"
    },
    "manager_pagination_enabled": {
      "default": true,
      "description": "[deprecated] Use pagination_enabled ",
      "title": "Manager Pagination Enabled",
      "type": "boolean"
    },
    "pagination_enabled": {
      "default": true,
      "description": "Use pagination while do search query (enabled by default).",
      "title": "Pagination Enabled",
      "type": "boolean"
    },
    "use_email_as_username": {
      "default": false,
      "description": "Use email for users' usernames instead of username (disabled by default).             If enabled, the user and group urn would be having email as the id part of the urn.",
      "title": "Use Email As Username",
      "type": "boolean"
    },
    "user_attrs_map": {
      "additionalProperties": true,
      "default": {},
      "title": "User Attrs Map",
      "type": "object"
    },
    "group_attrs_map": {
      "additionalProperties": true,
      "default": {},
      "title": "Group Attrs Map",
      "type": "object"
    }
  },
  "required": [
    "ldap_server",
    "ldap_user",
    "ldap_password",
    "base_dn"
  ],
  "title": "LDAPSourceConfig",
  "type": "object"
}
Code Coordinates
- Class Name: datahub.ingestion.source.ldap.LDAPSource
- Browse on GitHub
Questions
If you've got any questions on configuring ingestion for LDAP, feel free to ping us on our Slack.
Is this page helpful?