Adding an LDAP Profile in OneData
You must first create an LDAP profile in OneData to fetch users from the LDAP server.
In the Job Center, you can use the saved profile to schedule synchronization jobs. The LDAP User Synchronization Job job type enables you to view a list of profiles for which you can schedule synchronization between the LDAP server and OneData.
To add an LDAP profile in OneData:
1. Log into OneData using the user ID SYSTEM provided to you.
In a fresh installation there will not be any user ID in the repository other than the SYSTEM user ID.
2. On the Menu toolbar, click Administer > Security > LDAP Configuration/Import.
3. Click Add LDAP Profile.
4. Complete the following LDAP profile properties.
Parameter
Description
Name
Specify the name of the profile. This name appears on the Login page if used for external authentication.
Description
Type a description of the profile.
LDAP Host
Specify the host name or IP address of the LDAP server.
LDAP Port
Specify the LDAP server port number.
Enable SSL
Specify whether to enable SSL.
Note:
If you are using SSL, verify that the system properties Trusted Keystore and Trusted Keystore Password defined in Administer > System > System Properties are accurate and match the configurations in the com.softwareag.jaas.realm.pid-<Repository Name>JaasConfig.properties file for each repository. For more details, see Configuring Connections.
LDAP Login DN
Specify the LDAP login distinguished name (DN) to connect to the LDAP directory.
LDAP Password
Specify the LDAP password to connect to the LDAP directory.
LDAP Search Base
Specify the LDAP search base, for example, ou=people, dc=example, dc=com.
Note:
For a highly recursive LDAP structure, when the root node is specified as the search base, the search is recursive across the entire structure and covers users or nodes defined at all levels.
LDAP Search Filter
Specify the filter to use when searching user records.
User ID
Specify the LDAP directory attribute used as the OneData user ID.
User Full Name
Specify the LDAP directory attribute used as the user’s full name in OneData.
User Details
Specify the LDAP directory attribute used for the user details.
User E-mail
Specify the LDAP directory attribute used as the OneData email address.
Execution Mode
Select how synchronization of users between the LDAP server and OneData must occur:
*Add. Default. Adds new users in the LDAP server.
*Add/Update. Adds new users in the LDAP server and makes the required changes to existing users already present in OneData.
*Delete. For any user deleted in the LDAP server, deletes the user if present in OneData.
Notification
Select the notification for the status of synchronization between the LDAP server and OneData:
*Do not notify. OneData does not send any notification on the success or failure of synchronization.
*Notify on errors. OneData sends a notification only when errors occur during synchronization.
*Notify on completion. OneData sends a notification only when synchronization is completed successfully.
Notification User
List the email IDs of the users to notify on the synchronization status. Use a comma as the separator between multiple email IDs.
5. Provide additional profile specifications for the selected Execution Mode:
*If you selected Add or Add/Update Profile Specifications:
Specification
Description
Associate User to Group
Select how to associate or remove associations of LDAP users to user groups in OneData:
*Do not link. Default. No user group associations are added to existing or updated LDAP users.
*To existing. Associates users only with user groups that are already present in OneData.
*To new. Associates users with user groups that are already present in OneData and creates any new user groups in the LDAP server along with the associations to new and existing users.
LDAP Group Search Base
Specify the search base for LDAP groups. For example:
CN=Users,dc=example,dc=com
LDAP Group Base Filter
Specify the filter to use while searching user records. For example, objectClass=Group.
Member Of Group Identifier
Specify the LDAP directory attribute to use in order to identify a member of a group.
*If you selected Delete:
Specification
Description
LDAP Server Type
Select how to associate or remove associations of LDAP users to user groups in OneData:
*Active Directory. Default.
*Other. For any directory services database other than Active Directory. In this case, ensure that you provide a value for Fetch Deleted Users Class.
Deleted Users Search Base
Specify the search base for the deleted LDAP users. For example:
dc=example,dc=com
Fetch Deleted Users Class
If you have selected any directory services database other than Active Directory in LDAP Server Type, specify the service provider search base.
6. Click Save.
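A pre-flight check for the values entered in steps 4 and 5, as an added example that is not part of OneData or its documentation. The dictionary keys reuse the parameter names from the tables above; the function name, the checks themselves (including treating a search base made only of dc components as the root node) and all sample values are assumptions of this example.

```python
import re

def lint_ldap_profile(p):
    """Return (field, finding) pairs for a dict keyed by the profile's parameter names."""
    out = []
    ssl, port = bool(p.get("Enable SSL")), int(p.get("LDAP Port", 0))
    if not ssl:  # a simple bind over plain LDAP exposes the LDAP Login DN password
        out.append(("Enable SSL", "bind password is sent unencrypted"))
    if (ssl, port) in {(True, 389), (False, 636)}:  # conventional ports; heuristic only
        out.append(("LDAP Port", "port does not match the SSL setting"))
    rdns = [r.strip().lower() for r in re.split(r"(?<!\\),", p.get("LDAP Search Base", ""))]
    if not all(re.fullmatch(r"[a-z][a-z0-9-]*\s*=\s*\S.*", r) for r in rdns):
        out.append(("LDAP Search Base", "not a well-formed DN"))
    elif all(r.split("=")[0].strip() == "dc" for r in rdns):  # assumed to mean the root node
        out.append(("LDAP Search Base", "root node, search covers the entire tree"))
    filt = p.get("LDAP Search Filter", "").strip()
    depth = lowest = 0
    for ch in filt:  # parentheses must nest and close
        depth += (ch == "(") - (ch == ")")
        lowest = min(lowest, depth)
    if not filt or depth or lowest < 0:
        out.append(("LDAP Search Filter", "empty or unbalanced parentheses"))
    elif filt.strip("() ").lower() == "objectclass=*":
        out.append(("LDAP Search Filter", "matches every entry, not only users"))
    if p.get("Notification", "Do not notify") != "Do not notify":
        ids = [a.strip() for a in p.get("Notification User", "").split(",")]
        if not all(re.fullmatch(r"[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+", a) for a in ids):
            out.append(("Notification User", "expects comma-separated email IDs"))
    if (p.get("Execution Mode") == "Delete" and p.get("LDAP Server Type") == "Other"
            and not p.get("Fetch Deleted Users Class")):
        out.append(("Fetch Deleted Users Class", "required when LDAP Server Type is Other"))
    return out

# Constructed sample profiles; every value is made up for this example.
WEAK = {"LDAP Host": "ldap.example.com", "LDAP Port": 636, "Enable SSL": False,
        "LDAP Search Base": "dc=example,dc=com", "LDAP Search Filter": "(objectClass=*)",
        "Execution Mode": "Delete", "LDAP Server Type": "Other",
        "Notification": "Notify on errors",
        "Notification User": "ops@example.com; dba@example.com"}
HARDENED = {**WEAK, "Enable SSL": True,
            "LDAP Search Base": "ou=people, dc=example, dc=com",
            "LDAP Search Filter": "(&(objectClass=person)(uid=*))",
            "Fetch Deleted Users Class": "<provider-specific value>",
            "Notification User": "ops@example.com,dba@example.com"}

if __name__ == "__main__":
    for field, finding in lint_ldap_profile(WEAK):
        print(f"{field}: {finding}")
```

The port check follows the conventional 389/636 assignment only and should be read as a prompt to confirm the setting with the directory administrator.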