Connect to Live Active Directory Data in PostGresSQL Interface through CData Connect AI

There are a vast number of PostgreSQL clients available on the Internet. PostgreSQL is a popular interface for data access. When you pair PostgreSQL with CData Connect AI, you gain database-like access to live Active Directory data from PostgreSQL. In this article, we walk through the process of connecting to Active Directory data in Connect AI and establishing a connection between Connect AI and PostgreSQL using a TDS foreign data wrapper (FDW).

CData Connect AI provides a pure SQL Server interface for Active Directory, allowing you to query data from Active Directory without replicating the data to a natively supported database. Using optimized data processing out of the box, CData Connect AI pushes all supported SQL operations (filters, JOINs, etc.) directly to Active Directory, leveraging server-side processing to return the requested Active Directory data quickly.

Connect to Active Directory in Connect AI

CData Connect AI uses a straightforward, point-and-click interface to connect to data sources.

1. Log into Connect AI, click Sources, and then click Add Connection
👁 Adding a Connection

2. Select "Active Directory" from the Add Connection panel
👁 Selecting a data source

3. Enter the necessary authentication properties to connect to Active Directory.

   To establish a connection, set the following properties:

   • Valid User and Password credentials (e.g., Domain\BobF or cn=Bob F,ou=Employees,dc=Domain).
   • Server information, including the IP or host name of the Server, as well as the Port.

   • BaseDN: This will limit the scope of LDAP searches to the height of the distinguished name provided.

     Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.

   👁 Configuring a connection (Salesforce is shown)
   
4. Click Save & Test
5. Navigate to the Permissions tab in the Add Active Directory Connection page and update the User-based permissions. 👁 Updating permissions
   

Add a Personal Access Token

When connecting to Connect AI through the REST API, the OData API, or the Virtual SQL Server, a Personal Access Token (PAT) is used to authenticate the connection to Connect AI. It is best practice to create a separate PAT for each service to maintain granularity of access.

1. Click on the Gear icon () at the top right of the Connect AI app to open the settings page.
2. On the Settings page, go to the Access Tokens section and click Create PAT.
3. Give the PAT a name and click Create. 👁 Creating a new PAT
   
4. The personal access token is only visible at creation, so be sure to copy it and store it securely for future use.

With the connection configured and a PAT generated, you are ready to connect to Active Directory data from PostgreSQL.

Build the TDS Foreign Data Wrapper

The Foreign Data Wrapper can be installed as an extension to PostgreSQL, without recompiling PostgreSQL. The tds_fdw extension is used as an example (https://github.com/tds-fdw/tds_fdw).

1. You can clone and build the git repository via something like the following view source:

   sudo apt-get install git
   git clone https://github.com/tds-fdw/tds_fdw.git
   cd tds_fdw
   make USE_PGXS=1
   sudo make USE_PGXS=1 install
   

   Note: If you have several PostgreSQL versions and you do not want to build for the default one, first locate where the binary for pg_config is, take note of the full path, and then append PG_CONFIG=
2. After you finish the installation, then start the server:

   sudo service postgresql start
   

3. Then go inside the Postgres database

   psql -h localhost -U postgres -d postgres
   

   Note: Instead of localhost you can put the IP where your PostgreSQL is hosted.

Connect to Active Directory data as a PostgreSQL Database and query the data!

After you have installed the extension, follow the steps below to start executing queries to Active Directory data:

1. Log into your database.
2. Load the extension for the database:

   CREATE EXTENSION tds_fdw;
   

3. Create a server object for Active Directory data:

   CREATE SERVER "ActiveDirectory1" FOREIGN DATA WRAPPER tds_fdw OPTIONS (servername'tds.cdata.com', port '14333', database 'ActiveDirectory1');
   

4. Configure user mapping with your email and Personal Access Token from your Connect AI account:

   CREATE USER MAPPING for postgres SERVER "ActiveDirectory1" OPTIONS (username '[email protected]', password 'your_personal_access_token' );
   

5. Create the local schema:

   CREATE SCHEMA "ActiveDirectory1";
   

6. Create a foreign table in your local database:

   #Using a table_name definition:
   
   CREATE FOREIGN TABLE "ActiveDirectory1".User ( 
   id varchar, 
   LogonCount varchar) 
   SERVER "ActiveDirectory1"
   OPTIONS(table_name 'ActiveDirectory.User', row_estimate_method 'showplan_all');
   
   #Or using a schema_name and table_name definition:
   
   CREATE FOREIGN TABLE "ActiveDirectory1".User ( 
   id varchar, 
   LogonCount varchar) 
   SERVER "ActiveDirectory1"
   OPTIONS (schema_name 'ActiveDirectory', table_name 'User', row_estimate_method 'showplan_all');
   
   #Or using a query definition:
   
   CREATE FOREIGN TABLE "ActiveDirectory1".User (
   id varchar, 
   LogonCount varchar) 
   SERVER "ActiveDirectory1"
   OPTIONS (query 'SELECT * FROM ActiveDirectory.User', row_estimate_method 'showplan_all');
   
   #Or setting a remote column name:
   
   CREATE FOREIGN TABLE "ActiveDirectory1".User (
   id varchar,
   col2 varchar OPTIONS (column_name 'LogonCount'))
   SERVER "ActiveDirectory1"
   OPTIONS (schema_name 'ActiveDirectory', table_name 'User', row_estimate_method 'showplan_all');
   

7. You can now execute read/write commands to Active Directory:

   SELECT id, LogonCount
   FROM "ActiveDirectory1".User;
   

More Information & Free Trial

Now, you have created a simple query from live Active Directory data. For more information on connecting to Active Directory (and more than 200 other data sources), visit the Connect AI page. Sign up for a free trial and start working with live Active Directory data in PostgreSQL.