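Integrate LDAP Data in Power Apps

This article explains how to connect to LDAP data from Power Apps in real time, as you would to a database.

Microsoft PowerApps provides a drag-and-drop interface and rich functions for building mobile and tablet apps that connect to data. You can use the CData API Server together with the ADO.NET Provider for LDAP (or any of 210+ other ADO.NET Providers) to extend PowerApps' connectivity to remote data sources. There is no need to copy the data separately into the PowerApps Common Data Service. The CData API Server provides database-like access to LDAP data and lets you work with SaaS APIs and NoSQL sources through an in-memory SQL-92 engine.

The CData API Server supports the Swagger metadata standard. Azure App Service, Microsoft Flow, and PowerApps can generate UI and code from Swagger metadata. With a Swagger definition, you can generate functions that connect to LDAP from PowerApps. This article shows how to use those functions from PowerApps to connect to remote LDAP objects.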

Set Up the API Server

Follow the steps below to begin producing secure LDAP OData services:

Deploy

The API Server runs on your own server. On Windows, you can deploy using the stand-alone server or IIS. On a Java servlet container, drop in the API Server WAR file. See the help documentation for more information and how-tos.

The API Server is also easy to deploy on Microsoft Azure, Amazon EC2, and Heroku.

Connect to LDAP

After you deploy the API Server and the ADO.NET Provider for LDAP, provide authentication values and other connection properties by clicking Settings -> Connections and adding a new connection in the API Server administration console. You can then choose the entities you want to allow the API Server access to by clicking Settings -> Resources.

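To authenticate requests, set the User and Password properties to valid LDAP credentials (for example, set User to "Domain\BobF" or "cn=Bob F,ou=Employees,dc=Domain"). By default, the provider uses plaintext authentication, because the provider attempts to negotiate TLS/SSL with the server. You can use AuthMechanism to specify a different authentication method. See "Advanced Settings" in the help documentation for details on TLS/SSL configuration.

For basic connectivity, set Server and Port. You can additionally fine-tune the connection as follows:
  • FollowReferrals: When set, the provider also surfaces data from referral servers as views. To modify data on a referral server, you must specify that server with Server and Port.
  • LDAPVersion: Set this to the version of the protocol your server implements. By default, the provider uses version 2.
  • BaseDN: Limits the scope of LDAP searches to the height of the distinguished name provided. Narrowing BaseDN can dramatically improve performance. For example, a value of "cn=users,dc=domain" returns only results contained within "cn=users" and its children.
  • Scope: This property gives you finer control over the data returned from the subtree.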

Authorize API Server Users

After determining the OData services you want to produce, authorize users by clicking Settings -> Users. The API Server uses authtoken-based authentication and supports the major authentication schemes. You can authenticate as well as encrypt connections with SSL. Access can also be restricted by IP address; by default, access is restricted to the local machine only.

You will also need to enable CORS and then define the following sections by clicking Settings -> Server. As an alternative, you can select the option to allow all domains without '*'.

  1. Access-Control-Allow-Origin: Set this to a value of '*', or the domains you will be calling the API Server from.
  2. Access-Control-Allow-Methods: Set this to a value of "GET,PUT,POST,OPTIONS", or the HTTP methods you will need to use.
  3. Access-Control-Allow-Headers: Set this to "x-ms-client-request-id, authorization, content-type".

Last, you will need to configure the API Server to allow users to authenticate by passing the authtoken as a part of the URL. To do so, navigate to the www/app_data folder in the installation directory and modify the settings.cfg file to add the following line in the [Application] section:

AllowAuthTokenInURL = true
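
With AllowAuthTokenInURL enabled, the authtoken travels in the request path (/api.rsc/@myauthtoken), so it is written to any access log that records URLs. The following Python is an added example, not CData code: it masks such tokens in log lines and counts which ones have been exposed. The log format and the sample lines are constructed assumptions.

```python
import re

# Matches the authtoken path segment used when AllowAuthTokenInURL is
# enabled: /api.rsc/@<token>/...  Group 1 is the prefix, group 2 the token.
TOKEN_IN_PATH = re.compile(r"(/api\.rsc/@)([^/?\s\"]+)", re.IGNORECASE)


def redact_line(line):
    """Return the log line with any URL-embedded authtoken masked."""
    return TOKEN_IN_PATH.sub(r"\1[REDACTED]", line)


def exposed_tokens(lines):
    """Map each distinct token found in the logs to the number of hits.

    Every token listed has been stored in clear text by whatever wrote
    the log, which makes it a candidate for rotation.
    """
    counts = {}
    for line in lines:
        for _prefix, token in TOKEN_IN_PATH.findall(line):
            counts[token] = counts.get(token, 0) + 1
    return counts


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /api.rsc/@SAMPLETOKEN0001/User?$top=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] '
    '"GET /api.rsc/@SAMPLETOKEN0001/User HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /api.rsc/$swagger HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry))
    print(exposed_tokens(SAMPLE_LOG))
```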

Retrieve the Swagger Metadata

You will use the metadata to create a Custom API connection. You can obtain the Swagger definition by making the following request in your browser and then saving the resulting JSON file:

http://MySite:MyPort/api.rsc/$swagger

Connect to LDAP Through the API Server

The following procedure shows how to create a simple app that searches remote LDAP objects.

  1. In Microsoft PowerApps, click Custom connectors.
  2. Click Create custom connector and choose Import an OpenAPI file.
  3. Name the connector, browse to the JSON file, and click Continue.
  4. Fill in the relevant General information, ensure that Base URL is of the form /api.rsc/@myauthtoken (where myauthtoken is the AuthToken for a configured API Server user), and click Continue.
  5. Select Basic authentication for the Authentication type and use the default Parameter labels and names. Click Continue.
  6. Review the Action and Reference definitions and click Create connector.
  7. To test the connector, you will need to create a new connection. Click Test, click New Connection under Connections, and click Create.
  8. Navigate back to the connector from the Custom connectors menu and click Test. From here, you can test the available operations.

Connect the Data Source to a PowerApp

Follow the steps below to connect to LDAP from a PowerApp:

  1. From the PowerApps main menu, click Create an app and select the on-premises or cloud PowerApp Studio.
  2. Select a blank app (choose Phone layout or Tablet layout).
  3. In the View tab, click Data Sources and click Add data source.
  4. Click the Connection you created to test the connector.

Populate a Gallery

Follow the steps below to create a simple app that can search LDAP objects. You will use PowerApps formulas to bind LDAP rows to rows in a gallery control.

  1. In the View tab, click Gallery -> Vertical to add a Gallery.

  2. After selecting a gallery, assign the Items property of the gallery to LDAP objects on the Advanced tab of the gallery settings. The formula below will allow you to access columns in the User table.

    ForAll(CDataSwaggerAPI.getAllUser().value, {myId: Id, myLogonCount: LogonCount})
  3. Assign LDAP columns to UI elements by clicking the element and then setting the Text property (on the Advanced tab of the UI element) to ThisItem.myId or ThisItem.myLogonCount.

Search LDAP Objects

To filter the records displayed by the gallery, add a TextInput to your Screen, clear the Text property for the TextInput, and set the Items property of the gallery to a formula like the one below, replacing TextInput1 with the name of the TextInput control in your gallery, if necessary:

    If(IsBlank(TextInput1.Text), ForAll(CDataSwaggerAPI.getAllUser().value, {myId: Id, myLogonCount: LogonCount}), ForAll(CDataSwaggerAPI.getAllUser({'$filter':Concatenate("contains(Id,'",Substitute(TextInput1.Text,"'","''"),"')")}).value, {myId: Id, myLogonCount: LogonCount}))

The formula builds an OData query that the API Server executes against the remote LDAP objects, ensuring that the search is run against the current data without first pulling every record into the app. The search text is wrapped in single quotes, with any embedded single quote doubled, so that it reaches the server as one OData string literal. You can find more information on the supported OData in the API Server help documentation.
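
The request that the search formula sends can be reproduced outside PowerApps to check how the search text is encoded. The following Python is an added example, not CData code: it builds the same contains() filter, quotes the text as an OData string literal, and URL-encodes it. The resource name User in the URL path and the helper names are assumptions; MySite:MyPort is the placeholder used on this page.

```python
import re
from urllib.parse import quote

# Property names are limited to plain identifiers so that only the
# search text, never the field name, varies from request to request.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

BASE = "http://MySite:MyPort/api.rsc"  # placeholder host from this page


def odata_string(value):
    """Quote text as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"


def contains_filter(field, text):
    """Build contains(<field>,'<text>') with the text kept in one literal."""
    if not _IDENTIFIER.match(field):
        raise ValueError("unexpected property name: %r" % field)
    return "contains(%s,%s)" % (field, odata_string(text))


def search_url(base, resource, field, text):
    """Return the request URL; a blank search box sends no $filter."""
    url = "%s/%s" % (base.rstrip("/"), resource)
    if not text.strip():
        return url
    return url + "?$filter=" + quote(contains_filter(field, text), safe="")


if __name__ == "__main__":
    # Constructed search inputs: a DN fragment and a name with an apostrophe.
    for text in ("cn=Bob F", "O'Brien", ""):
        print(search_url(BASE, "User", "Id", text))
```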

Edit LDAP Objects

Follow the steps below to load an editable screen that shows the fields of the LDAP record selected in the gallery.

  1. On the Insert tab, click New Screen->Blank and name the screen "Details".
  2. Tie the gallery to the new screen: Select the arrow button in the first entry of the gallery and in the OnSelect field in the Advanced properties, enter the following:

    Navigate( Details, None )

  3. In the Details screen, from the Insert tab, add a label "Id" and another label for the Id value. Set the Text property to BrowseGallery.Selected.myId

For each column you will need to do the following. Note that for Custom APIs form elements cannot detect which requests need to be formulated to the API Server, so you will need to write the data modification formulas manually.

  1. Add a label for the field.
  2. Add a text input from the Text menu to the screen and set the text property to the value from the selected item from the gallery (i.e.: BrowseGallery.Selected.myId).

To give your app basic update functionality and navigation, add Submit and Back buttons:

  1. For the Submit button, set the OnChange property to the following: CDataSwaggerAPI.updateUser(BrowseGallery.Selected.myId,BrowseGallery.Selected.myId,{Id:TextInput1.Text,LogonCount:TextInput2.Text})
  2. For the Back button, set the OnSelect field to the following: Navigate( BrowseScreen, None )

Your mobile or tablet app can now browse, search, and update LDAP objects.

 
 