ARIS supports the use of multiple LDAP systems.
Warning
The migration to multiple LDAP servers is irreversible. Any existing LDAP data needs to be deleted manually before the migration.
We strongly recommend that you contact your local Software AG sales organization before you start configuring multiple LDAP servers.
If you plan to use multiple LDAP systems with already existing data, for example, attributes, all data must be renewed first.
Each LDAP server must have a unique ID to identify the server to be used at user login and for user group names.
The ID must not exceed five characters.
The user or user group names are prefixed with the server ID in the following format: LDAP1\user1, LDAP2\user group name.
If the user name is defined in the format shown above, the users must enter the prefix when logging in.
Single sign-on
If users have the same login ID in different LDAP servers, the single sign-on login fails. Users must enter their passwords manually instead.
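A pre-migration check for the ID rules and the single sign-on limitation described above, as an added example that is not part of the ARIS documentation or product. It validates the server IDs and lists login IDs that exist on more than one LDAP server. The function names, the sample data and the case-insensitive comparison are assumptions.

```python
from collections import defaultdict

MAX_ID_LEN = 5  # from the page: the server ID must not exceed five characters


def check_server_ids(server_ids):
    """Return a list of problems found in the configured LDAP server IDs."""
    problems, seen = [], set()
    for sid in server_ids:
        if not sid or len(sid) > MAX_ID_LEN:
            problems.append(f"{sid!r}: ID must be 1 to {MAX_ID_LEN} characters")
        # Assumption: IDs that differ only in case count as duplicates.
        if sid.lower() in seen:
            problems.append(f"{sid!r}: ID is not unique")
        seen.add(sid.lower())
    return problems


def prefixed_name(server_id, login):
    """Build the prefixed name in the page's format, e.g. LDAP1\\user1."""
    return f"{server_id}\\{login}"


def sso_collisions(directories):
    """Return {login ID: [prefixed names]} for logins on more than one server.

    directories maps server ID -> iterable of login IDs. Login IDs are
    compared case-insensitively (assumption; match your directories' rules).
    """
    owners = defaultdict(dict)
    for server_id, logins in directories.items():
        for login in logins:
            # Keep one entry per server so in-server duplicates do not count.
            owners[login.lower()].setdefault(server_id, prefixed_name(server_id, login))
    return {k: sorted(v.values()) for k, v in owners.items() if len(v) > 1}


# Constructed sample data, not taken from any real directory.
SAMPLE = {
    "LDAP1": ["user1", "jdoe", "asmith"],
    "LDAP2": ["JDoe", "bmeyer", "user1"],
}

if __name__ == "__main__":
    for problem in check_server_ids(SAMPLE):
        print("ID problem:", problem)
    for login, names in sso_collisions(SAMPLE).items():
        print(f"{login}: single sign-on fails, manual password entry needed: {names}")
```

Users reported by `sso_collisions` are the ones who must enter their passwords manually after the migration.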
Kerberos
Even if you have configured multiple LDAP systems, you can use only one LDAP server with Kerberos authentication.
When you use multiple LDAP systems, you must enable the Ignore realm from service ticket property under Kerberos > Advanced Settings.
SAML
If a user is created during login using SAML, the user name will not have any prefix and is assigned to the default user group. This user is not mapped to any LDAP server.
WebDAV
The WebDAV protocol provides a framework for users to create, change, and move documents on a server. The WebDAV protocol enables you to maintain properties related to, for example, an author or modification date.
Using WebDAV with ARIS document storage works only for local users.
ARIS Designer
When using the search functionality in ARIS Designer, you must include the respective server prefix when you search for a user.
Example
If you search for user LDAP1/user 1, the user is found.
If you search for user 1, the user is not found.
Process Governance
You must update all user names in all existing organizational charts with the prefix of the additional LDAP servers from which the users are imported.