Rules and Guidelines for LDAP Objects
Consider the following rules and guidelines for LDAP sources and targets:
- You cannot use filters for data that contains the Binary data type.
- You can use only the advanced filter for Generalized Time and UTCTime data types.
- You cannot use Less Than, Greater Than, Starts With, Ends With, Contains, Is Null, and Is Not Null operators in a basic filter.
- Ensure that the advanced filter expression has a valid LDAP syntax.
- You cannot use LDAP Connector to update the description attribute as there is a restriction from the JNDI API.
- When you create entries for a user in Active Directory, you cannot set the password for that user. You do not have the required permissions to update passwords using the JNDI APIs.
- When you use a basic filter for an LDAP source, you must map the fields on which you applied the filter before you run the task.
- The Secure Agent fetches the attributes of security principal object classes only for the User, Group, and Computer object classes from Active Directory.
- When you write data that contains reserved characters to a distinguished name, you must add a backslash before each occurrence of a reserved character. The reserved characters include a space or # character at the beginning of a string and a space character at the end of a string. Other reserved characters include , + " \ < > ; LF CR = /
- When you read data from Active Directory, you can view extension attributes for all object classes if the Active Directory schema supports them. Extension attributes are custom attributes that you can use to store custom values for object classes that do not have an existing attribute. The extension attributes are certified for the user, contact, group, and computer object classes.
- You cannot apply pushdown optimization for an LDAP source.
- The LDAP Connector does not support proxy servers and communicates with the LDAP server directly.
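
The reserved-character rule for distinguished names can be applied to source data before it reaches the target. The following Python sketch is an added example, not the connector's own code: it escapes each attribute value as the rule above describes and splits the result on unescaped commas to confirm that the DN keeps the intended number of components. The function names and the sample row are assumptions made for illustration.

```python
# Added example (not connector code): DN value escaping per the rule on this page.
# Characters that are reserved at any position: , + " \ < > ; LF CR = /
RESERVED_ANYWHERE = set(',+"\\<>;\n\r=/')


def escape_dn_value(value: str) -> str:
    """Prefix each reserved character in an attribute value with a backslash."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        reserved = (
            ch in RESERVED_ANYWHERE
            or (i == 0 and ch in " #")    # leading space or '#'
            or (i == last and ch == " ")  # trailing space
        )
        out.append("\\" + ch if reserved else ch)
    return "".join(out)


def build_dn(rdns):
    """Join (attribute, raw_value) pairs, most specific first, into a DN."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def split_rdns(dn: str):
    """Split a DN on unescaped commas, to count the components it contains."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


# Constructed sample row; names and the example.com suffix are placeholders.
SAMPLE = [("CN", "Smith, John"), ("OU", "#1 R&D/Ops "), ("DC", "example"), ("DC", "com")]

if __name__ == "__main__":
    dn = build_dn(SAMPLE)
    print(dn)
    print(split_rdns(dn))
```

Without the escaping step, the comma in `Smith, John` would split the first component in two and the DN would no longer address the intended entry.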