
Access to data in LDAP-enabled directory services including Microsoft Active Directory, OpenLDAP, and others


Executive Summary

 

Enable Tableau to connect directly to LDAP-enabled Directory Servers. This is NOT user authentication. This is to access and extract the data in the Directory Servers.

 

Problem Statement

 

LDAP-enabled directories are treasure-troves of information in an organization. They are database servers – just with different purposes and access methodologies. Because of the roles they typically are used for - authentication, directory, policy, and other services - they are FULL of high-value information that Tableau users should be able to access easily – but cannot do so today.

 

Using Microsoft Active Directory (AD) as an example, AD is basically a “source of truth” in that it has:

  • User information from names to email addresses to physical addresses to organizational structure.
  • Computer information
  • Groups and Group memberships
  • Security & Permissions
  • DNS
  • DHCP
  • And much more…

 

Feature Request

 

That Tableau natively support LDAP and Secure LDAP (LDAPS) access to common Directory Servers.

 

Potential LDAP-enabled Directory Server targets include, but are not limited to:

 

Use Cases

 

  • Lookups:
    • Who works in what countries?
    • I have a username – what are the user’s first and last names, titles, managers, email addresses, etc.?
    • Group memberships
    • What permissions does a user have?
    • Which users are enabled – and which are disabled? Showing changes over time?
  • Employee Directories
  • Organizational Charts
  • Information Technology:
    • Correlating web server, network, firewall, etc. logs with user information:
      • Seeing “fsmith” has malware in a security event manager log is somewhat interesting.
      • Seeing “Fred Smith, Chief Technology Officer, fsmith2@fake.com, 206-555-1212” has a malware problem is MUCH more informative and actionable.
  • Resource usage information – Say Disk Space usage and billing:
    • Being able to pull the organizational information out of a Directory Server enables the summarization of disk space usage from the individual users, up through each line of management, all the way to the top of the organization.

 

Specific Use Case – VPN Access

 

One particular use case near and dear to my heart: InfoSec asked me "where are all our VPN connections coming from?" for the past 90 days. I won't bore you with the details, but I was able to gather the log files, parse them out, convert IPv4 addresses to unsigned 32-bit integers, load everything into a database, and then analyze them in Tableau.

 

One of the views I needed was to see who was travelling into countries that have targeted embargoes/sanctions, problems with intellectual property protection, or problems with malicious hacking. I ended up with a list of usernames, but nothing to indicate their relative importance to the organization. So, I resorted to using a manual export of all the users and user information from Active Directory, sucked it into Tableau, and now I have full names and titles of the people. I can look for (and filter on) key words in titles such as “President”, “Vice”, “Chief”, “Director”, “Architect”, and so on.

 

Result: Interesting and meaningful data to drive actions.

 

Possible Solutions

 

CData has an ODBC driver that talks directly to LDAP. It lets you query Active Directory via ODBC and does the ODBC <-> LDAP translation work for you. Depending on permissions, it is fully read/write capable. Embed this product/technology into Tableau or into the Tableau driver distribution.

  • http://www.cdata.com/drivers/ldap/odbc/

 

Use Open Source code from one of the better LDAP clients out there. Apache Directory Studio works pretty well and there are plenty of alternate choices available too.

 

Purchase a commercial LDAP client library and embed it in our product.
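
The enrichment described in the VPN access use case above, as an added example that is not part of the original post: VPN source addresses are converted to unsigned 32-bit integers, mapped to a country, and joined to a directory export so that watch-list connections carry a name and title. The log format, the CSV export layout, the address ranges and the country codes `XA`/`XB` are all constructed assumptions.

```python
import bisect, csv, io, ipaddress, re

# All data below is constructed: RFC 5737 addresses, placeholder country codes.
VPN_LOG = """\
2024-03-01T08:15:02Z user=fsmith src=203.0.113.7
2024-03-01T09:02:44Z user=jdoe src=198.51.100.20
2024-03-02T11:30:10Z user=akhan src=203.0.113.99
2024-03-02T12:00:00Z user=ghost src=203.0.113.200
"""
AD_EXPORT = """\
sAMAccountName,displayName,title,mail
fsmith,Fred Smith,Chief Technology Officer,fsmith@example.com
jdoe,Jane Doe,Vice President of Sales,jdoe@example.com
akhan,Amir Khan,Customer Service Analyst,akhan@example.com
"""
GEO_CIDRS = [("198.51.100.0/24", "XA"), ("203.0.113.0/24", "XB")]
WATCHLIST = {"XB"}  # countries of interest to InfoSec (placeholder code)
# Title keywords from the text; \b stops "Vice" from matching "Service".
KEY_TITLE = re.compile(r"\b(President|Vice|Chief|Director|Architect)\b", re.I)

def ip_to_u32(addr):
    """IPv4 dotted quad -> unsigned 32-bit integer, so ranges compare numerically."""
    return int(ipaddress.IPv4Address(addr))

RANGES = sorted((int(n.network_address), int(n.broadcast_address), cc)
                for n, cc in ((ipaddress.ip_network(c), cc) for c, cc in GEO_CIDRS))
STARTS = [r[0] for r in RANGES]

def country_of(addr):
    """Binary-search the integer ranges; None when no range covers the address."""
    ip = ip_to_u32(addr)
    i = bisect.bisect_right(STARTS, ip) - 1
    return RANGES[i][2] if i >= 0 and ip <= RANGES[i][1] else None

def enrich(log_text=VPN_LOG, ad_csv=AD_EXPORT):
    """Return watch-list VPN connections joined to directory attributes."""
    directory = {r["sAMAccountName"].lower(): r
                 for r in csv.DictReader(io.StringIO(ad_csv))}
    findings = []
    for ts, user, src in re.findall(r"^(\S+) user=(\S+) src=(\S+)$", log_text, re.M):
        cc = country_of(src)
        if cc not in WATCHLIST:
            continue
        entry = directory.get(user.lower())  # None: account absent from the export
        title = entry["title"] if entry else ""
        findings.append({"time": ts, "user": user, "src_u32": ip_to_u32(src),
                         "country": cc, "title": title,
                         "name": entry["displayName"] if entry else None,
                         "key_role": bool(KEY_TITLE.search(title))})
    return findings
```

A finding whose `name` is `None` is an account that appears in the VPN log but not in the directory export, which is worth reviewing on its own.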
