Active Directory Search

On this Page

Snap type:

Read

Description:

This Snap lets you search Active Directory and provides options to select the scope and the filter table to effectively return search results as compared to the List Users Snap which returns all the entries.

The attributes of table will create on suggest based on the existing distinguished name into Active Directory. The table consists of all the fields that can be used as filter attributes to perform search and effectively return the results. To generate the suggested filter attributes into the table the existing distinguished name is required.

  • Expected upstream Snaps: File reader followed by any file Parser followed by Structure.
  • Expected downstream Snaps: Any file Formatter followed by File Writer.
  • Expected input: Existing distinguished name, Filter attributes (Filter keys, Filter values).
  • Expected output: This Snap will give the output data as all the searched entries based on the provided existing distinguished name.
Prerequisites:

[None]

Support and limitations:

Works in Ultra Task Pipelines.

Behavior Change

  • Previously the Page Size field worked similar to the Limit field, that is, it sets the limit on fetching records instead of fetching all the records. 
  • The Active Directory Search Snap output now displays the number of records that you specify in the Limit field under Settings. If your Pipelines use the Snap with the Page Size field, they may fail to execute if the downstream Snap expects the same count. To retrieve all the records, configure the Snap with default settings, that is, Limit: 0 and Page Size: 1000.
Account: 

This Snap uses account references created on the Accounts page of SnapLogic Manager to handle access to this endpoint. See Active Directory Basic Auth Account for information on setting up this type of account.

Views:
InputThis Snap has at most one document input view.
OutputThis Snap has exactly one document output view.
ErrorThis Snap has at most one document error view and produces zero or more documents in the view.

Settings

Label*

Specify the name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline.

Existing distinguished name*


Specify the LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. An RDN is an attribute with an associated value in the form attribute=value, normally expressed in a UTF-8 string format.  The typical RDN attribute types include: 

DC = domainComponent, CN = commonName, OU = organizationalUnitName,O = organizationName, STREET = streetAddress, L = localityName,ST = stateOrProvinceName, C = countryName, UID = userid.

This field is applicable only to existing users. If the user does not exist, create an entry using the Create Entry Snap first.

Default Value: [None]

ExampleA distinguished name for an LDAP entry can be represented as: 

CN=AbcUser,CN=Users,DC=server,DC=company,DC=com. 

In this example, to refer to the entire user list, you can remove the initial attribute, CN=AbcUser.

You can also use special characters in the distinguished name. See the section Using Special Characters in Distinguished Name below.

Page size*


Specify the size of the page to receive search results. The maximum value accepted by Active Directory is 1000. See https://msdn.microsoft.com/en-us/library/ms180880(v=vs.80).aspx for more information.

Default Value: 1000

A new field Limit is introduced in a 4.23 dot release (423patches8210)Your Pipelines created prior to this release, which use Page Size for limiting records may fail to execute. Hence, modify your Pipelines using the Limit field below.

Limit

Specify the number of search records to be fetched from the Active Directory.

  • If the value is 0, then the Snap will fetch all the records.
  • Your existing Pipelines that use Page Size for limiting records may fail to execute. Hence, modify your Pipelines using the Limit field.

Default Value: 0

Scope typeSpecify the scope type to search against. The options available include:
  • SUBTREE_SCOPE A subtree search (or a deep search) includes all child objects as well as the base object.
  • ONELEVEL_SCOPE A one-level search is restricted to the immediate children of a base object, but excludes the base object itself. This setting can perform a targeted search for immediate child objects of a parent object.
  • OBJECT_SCOPE A base search (OBJECT_SCOPE) limits the search to the base object. The maximum number of objects returned is always one. This search is useful to verify the existence of an object for retrieving group membership.

Default ValueSUBTREE_SCOPE

Filter Attributes

Specify the table of key-value pairs to filter the search.

The generated filter keys generated by suggesting can be modified, that is:

  • filter key / filter value : (objectClass / user) and (cn / rock) mean select only "rock" from all users.
  • filter key / filter value : (objectClass / user) and (!cn / rock) means to select all the user objects except "rock".

Filter keys

The suggested filter attributes based on the provided Existing distinguished name property.

Filter values

The corresponding values of the suggested filter key to perform an effective search.

Returning Attributes

Use this field set to define the attributes that should return in the search results. This field set contains the Attribute Keys field. Click to add a row for defining the attribute key.

Attribute Keys

Specify the attribute keys that should return in the search results.

Default Value: None
ExampleobjectClass, DistinguishedName (member;range=1500-1600), cn

When using this Snap to search by a distinguished name, the Snap only returns up to 1500 members if the total member in the group is greater than 1500.

  • If the result has less than 1500 members in the group, the Snap returns the members within the member key.
  • If the result has more than 1500 members in the group, the member key displays as no values.
  • If you specify a member range, for example, (member; range=1500-2000), the Snap returns the members within that range.
Group results

Select to group the output result in a single array.

When Group result is checked, the documents will now be grouped inside an array instead of individual documents.

Default Value: Not selected.

Pass through

Select to include the entire input data in the Snap's output. The Snap includes this data within the $original field in the output. 

Default Value: Not selected

Snap Execution


Select one of the three modes in which the Snap executes. Available options are:

  • Validate & Execute: Performs limited execution of the Snap, and generates a data preview during Pipeline validation. Subsequently, performs full execution of the Snap (unlimited records) during Pipeline runtime.
  • Execute only: Performs full execution of the Snap during Pipeline execution without generating preview data.
  • Disabled: Disables the Snap and all Snaps that are downstream from it.

This option must be enabled to see preview content.

Examples

 

Distinguished name valueReturns

CN=groupname,CN=Users,DC=server,DC=company,DC=com

Details about that group.
CN=Users,DC=server,DC=company,DC=comDetails about all items in Users under that domain.
DC=server,DC=company,DC=comDetails about all objects on that server domain.

Using Special Characters in Distinguished Name

You can include special characters in the Distinguished name and Existing distinguished name fields. As of Patch activedirectory8789, the fields do not require the following special characters to be prefixed with an escape character:

  • Forward slash (/)
  • Backward slash (\)
  • Plus (+)
  • Double-quote (")
  • Less than symbol (<)
  • Greater than symbol (>)
  • Semi-colon (;)

If an escape character is prefixed, the Snap reads it, else, it prefixes it to the special character to correctly process the data.

Comma (,) and Equals (=) have a special meaning in the distinguished name, as comma (,) is used to separate RDNs and equals (=) is used for designating key value pairs (key=value). Therefore, these must still be prefixed with an escape character to be passed as special characters. For example, \, or \=.

Example: Using Special Characters

Let us say you need to specify a distinguished name like CN=man/eesh,CN=Users,DC=ad1,DC=clouddev,DC=snaplogic,DC=com, where the common name man/eesh contains a special character. 

The Snap supports both scenarios:   

  • If the special character is prefixed with an escape character. For example, CN=man\/eesh. 
  • If no escape character is used. For example, CN=man/eesh,

In both cases, the Snap generates the same output during Pipeline validation, as shown in the image below. This ensures existing Pipelines do not break in either case.

Using the pass-through functionality

In certain scenarios, the Snap may be unable to process the entire input due to limitations imposed by the endpoint's API. In such cases, we recommend that you select the Pass through checkbox to ensure that the unprocessed input is not lost. You can process the remaining input data using more of the same Snap in the Pipeline. Alternatively, you can also write the original data into a separate file using a combination of the Mapper Snap and the File Writer Snap. 

Snap Pack History

 Click to view/expand
Release
Snap Pack Version 
Date
Type
Updates
4.27main12833StableEnhanced the Active Directory Search Snap with a new field set, Returning Attributes, to define attributes that you want the Snap to return in the search results.
4.26 Patch426patches11280 LatestFixed an issue with the Active Directory Add Member Snap that failed when using forward slash "/" in the Distinguished name field.
4.26main11181 StableUpgraded with the latest SnapLogic Platform release.
4.25main9554 StableUpgraded with the latest SnapLogic Platform release.
4.24main8556 StableUpgraded with the latest SnapLogic Platform release.
4.23 Patch423patches8210 Latest

Fixes an issue of fetching search records in the Active Directory Search Snap by adding a new field, Limit, to specify the number of search records to be fetched from the Active Directory.

  • Previously the Page Size field worked similar to the Limit field, that is, it sets the limit on fetching records instead of fetching all the records. 
  • The Active Directory Search Snap output now displays the number of records that you specify in the Limit field under Settings. If your Pipelines use the Snap with the Page Size field, they may fail to execute if the downstream Snap expects the same count. To retrieve all the records, configure the Snap with default settings, that is, Limit: 0 and Page Size: 1000.
4.23 Patch423patches7454 Latest

Adds the Pass through check box in all the Snaps to include pass-through functionality. Select this check box to embed the upstream input documents under the original field of the output document along with other records.

4.23main7430 Stable
4.22422patches6531

 


Latest

Enhances the Active Directory Create Entry and Active Directory Update Entry Snaps by adding Attribute Value Delimiter field to separate multiple values entered in the Attribute value field.

4.22main6403 StableUpgraded with the latest SnapLogic Platform release.
4.21snapsmrc542 StableUpgraded with the latest SnapLogic Platform release.
4.20 Patchactivedirectory8789 Latest

Fixes the Active Directory Snaps to successfully read special characters in the Existing distinguished name and Distinguished name Snap settings without requiring escape characters.

4.20snapsmrc535 Stable

Fixes the Search Snap and the List Users Snap wherein the Snaps displayed only the first element of an array field. Now, the Snaps display all the elements of an array field.

4.19 Patch activedirectory8506 Latest

Fixes the Search Snap and the List Users Snap wherein the Snaps displayed only the first element of an array field. Now, the Snaps display all the elements of an array field.

4.19snapsmrc528 
StableUpgraded with the latest SnapLogic Platform release.
4.18snapsmrc523 Stable Upgraded with the latest SnapLogic Platform release.
4.17 PatchALL7402
Latest

Pushed automatic rebuild of the latest version of each Snap Pack to SnapLogic UAT and Elastic servers.

4.17 snapsmrc515 Stable

Added the Snap Execution field to all Standard-mode Snaps. In some Snaps, this field replaces the existing Execute during preview check box.

4.16 snapsmrc508 StableUpgraded with the latest SnapLogic Platform release.
4.15snapsmrc500 StableUpgraded with the latest SnapLogic Platform release.
4.14 snapsmrc490 StableUpgraded with the latest SnapLogic Platform release.
4.13snapsmrc486 StableUpgraded with the latest SnapLogic Platform release.
4.12snapsmrc480 StableUpgraded with the latest SnapLogic Platform release.
4.11 Patch activedirectory4630 Latest

Resolved an issue with the Active Directory Search Snap that Ignored PartialResultException and did not handle the slashes and backslashes in the search function:

  • Added the original exception to SnapdataException for the Active Directory Snaps.
  • Improved the error message.
4.11snapsmrc465

 

StableUpgraded with the latest SnapLogic Platform release.
4.10snapsmrc414 StableUpgraded with the latest SnapLogic Platform release.
4.9snapsmrc405 StableUpgraded with the latest SnapLogic Platform release.
4.8snapsmrc398 StableUpgraded with the latest SnapLogic Platform release.
4.7snapsmrc382 StableUpgraded with the latest SnapLogic Platform release.
4.6 Patch activedirectory2056 Latest

Resolved an issue with modifying the "unicodePwd" attribute using the Active Directory - Update Entry Snap.

4.6rcmsf233 Stable
  • Extended support for a der encoded representation of Anaplan Certificate for Anaplan account validation.
  • Resolved an issue in Create Entry, Search, and Update Entry Snaps that caused certain attributes to not appear in suggestions.
4.5.1rcmsf231 StableUpgraded with the latest SnapLogic Platform release.
4.5rcmsf231

 

StableUpgraded with the latest SnapLogic Platform release.
4.3.2

Stable

Resolved an issue in Active Directory Search resulting in an error using a port value in the server URI.

4.3.0



Stable

The Update Snap now populates all attributes during Suggest. The Search Snap now shows those attributes that have values.

4.2.2

Stable
  • Resolved an issue with the account failing to validate after the last Snap release.
  • Resolved an issue with the Active Directory Search Snap failing to throw an exception for an invalid search.
  • Resolved an issue with the Active Directory Search Snap not routing an error to the error view for a null search.
  • Resolved an issue with the Active Directory Search Snap adding a blank space on all strings.
  • Updated the tooltips within the Active Directory Snap Pack.
4.2.1

Stable

Resolved "Pass through only supported for Map data." message showing in Active Directory Rename Snap.