Here is the list of defaults with which the LDAP Source configures itself once it is dropped on the Data Flow Task, assuming the SSIS server is joined to the fabrikam domain.



Connection Related Settings

HostOrDomainName – ex.,,

If the SSIS machine is domain joined, this defaults to the FQDN of the joined domain.

Required field

PortNumber – ex. 389, 636.

Default 389.

Required field

UseSSL – indicates whether the component should use SSL when communicating with the LDAP Server

Default False

Note that when setting this value to True, be sure to adjust the PortNumber value as well.


Security Related Settings

UseTaskSecurityContext – Windows Integrated Authentication will be used to connect to the LDAP directory, and the credentials of the currently logged-on user will be presented. Default value True.

ConnectionAccountName and ConnectionAccountPassword – If UseTaskSecurityContext is set to True, these properties are ignored. If UseTaskSecurityContext is set to False, the values of these properties are used to establish the connection to the LDAP directory. On a domain-joined machine these values default to null.


Query Related Settings

BaseDN – Distinguished name of the starting point of the search. Ex. OU=IT,DC=fabrikam,DC=com

If the SSIS machine is domain joined, this defaults to the FQDN of the joined domain. Ex. DC=fabrikam,DC=com

Required field

PageSize – specifies the number of objects the query can request from the server in one network trip.

Default 1000 (Active Directory page size limit).

Required field

SearchFilter – LDAP query to be sent to the server. For details on the LDAP query syntax see these links

Default will return user and group objects

AttributesToLoad – specifies which object attributes to return from the LDAP directory. Ex. assuming that the SearchFilter brings back group objects, including the member value in the list of AttributesToLoad makes the query result contain the group membership information.

Default values – distinguishedName, objectCategory, objectGUID, displayName, member

Note that the distinguishedName attribute must always be included, since it is used internally by the component. Removing this value will cause the component to fail validation.


Data Interpretation Related Settings





The reason for these settings is best explained by an example. Take the lastLogonTimestamp attribute in Active Directory. As the name suggests, this value contains the timestamp of the last logon of a user object. The only problem is that AD encodes this value as an Int64 value, and this is almost never what you want to get back from your query. You would much rather get the SSIS DT_DBTIMESTAMP value, which can be easily manipulated as a DateTime value. For this reason, the component supports automatic decoding of the values based on their semantic meaning. So if you are dealing with another attribute encoded in the same manner as lastLogonTimestamp, simply add its name to the list of Int64EncodedDateTimeAttribues, and the LDAP Source Component will try to interpret its value accordingly. The same logic applies to GuidEncodedBinaryAttribues and SidEncodedAttributes.
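
The three conversions described above, as an added example that is not the component's own code: Python stand-ins that assume the standard Active Directory encodings (Int64 timestamps as 100-nanosecond ticks since 1601-01-01 UTC, GUIDs with little-endian leading fields, binary SIDs). The function names and sample values are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# FILETIME epoch: 100-nanosecond ticks counted from 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = 0x7FFFFFFFFFFFFFFF  # sentinel used by attributes such as accountExpires


def decode_filetime(ticks):
    """Int64 AD timestamp -> aware UTC datetime, or None for never/unset."""
    if ticks in (0, NEVER):
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_guid(raw):
    """16-byte objectGUID -> canonical string (first three fields little-endian)."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def decode_sid(raw):
    """Binary SID -> S-<revision>-<authority>-<sub-authorities...> string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


# Constructed sample values (not taken from any real directory).
SAMPLE_LOGON = 130000000000000000
SAMPLE_GUID = bytes.fromhex("33221100554477668899aabbccddeeff")
SAMPLE_SID = bytes.fromhex(
    "010500000000000515000000" "01000000" "02000000" "03000000" "f4010000")

if __name__ == "__main__":
    print(decode_filetime(SAMPLE_LOGON))
    print(decode_guid(SAMPLE_GUID))
    print(decode_sid(SAMPLE_SID))
```

Treating 0 and 0x7FFFFFFFFFFFFFFF as "no value" keeps unset or never-expiring timestamps from surfacing as dates in 1601 or as overflow errors in downstream reports.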

Relationship Management Attributes

LdapPrimaryKeyEquivalent - This should be set to an attribute that is guaranteed to be unique within an LDAP directory. The component uses this attribute to link the multi-valued attributes (more specifically, the rows containing multi-valued data) back to the parent record (the record containing all single-valued attributes). By default this value is set to objectGUID, since it is guaranteed to be unique and immutable, at least in Active Directory.

Last edited Apr 1, 2013 at 9:33 PM by atcherni, version 4

