LDAP integration

You can integrate the software protocol, Lightweight Directory Access Protocol (LDAP), into InfoSphere® MDM Collaboration Server so that you can locate organizations, individuals, and other resources such as files and devices in a network.

LDAP integration enables your system to support over 1000 casual users where each user requires authorization for various internal and external roles. For example, Category Manager is an internal role and Assistant Brand Manager is an external role. With LDAP integration, you can distribute your LDAP directory over several servers and improve your security infrastructure through:
  • Real-time LDAP user entitlement
  • User import from an LDAP server for immediate setup
  • User authentication within the same LDAP server that you import from

You can also integrate a separate LDAP server tool into your system to use for the authentication process. In this case, the system authorization infrastructure is used to authorize LDAP users, and the separate LDAP server tool is used to authenticate each user. To differentiate each LDAP user in your system, you use LDAP flags. This process of entitlement for LDAP users and roles into your system is done during run time and is based on either user-invoked or system-invoked script operations.

For specific information about integrating LDAP, see your product documentation.

LDAP users and roles

The following list describes how LDAP users and roles function in InfoSphere MDM Collaboration Server:

  • If a user is authenticated in a session, then the user continues to be authenticated until the end of the session. Even if the user identity changes during that period, the user is still authenticated. For example, a change in role or password does not invalidate user authentication.
  • If the user exists in InfoSphere MDM Collaboration Server and the LDAP flag is not set, then authentication is run against InfoSphere MDM Collaboration Server.
  • If the user exists in InfoSphere MDM Collaboration Server and the LDAP flag is set, then authentication is run against the LDAP server. Any InfoSphere MDM Collaboration Server roles that are set within the LDAP server must match the user-role mappings in InfoSphere MDM Collaboration Server.
  • If the user exists and has a role on the LDAP server but does not exist in InfoSphere MDM Collaboration Server, the required entitlements for the user are created with the LDAP flag set.
  • If a user is deleted from the LDAP server, then the user is disabled in InfoSphere MDM Collaboration Server, because references to the user name remain in the job schedule history and audit trails.
  • The script operations getLdapUserInfo and getAllLdapUsersInfo enable you to source a list of users from the LDAP server.
  • When migrating from versions before 5.2, note that the schema of the USER entity changed with the addition of the LDAP flag, which differentiates between LDAP server users and InfoSphere MDM Collaboration Server users.
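The rules above form a small decision table: the LDAP flag on the stored user decides which system checks the password, and the LDAP lookup result decides whether a user is provisioned, disabled, or rejected for a role mismatch. The following model is an added example, not product code; the user names, group DNs and role mappings are constructed, and the in-memory dictionaries stand in for the MDM user store and the LDAP directory.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    LOCAL_AUTH = "authenticate against MDM Collaboration Server"
    LDAP_AUTH = "authenticate against the LDAP server"
    ROLE_MISMATCH = "LDAP roles do not match MDM user-role mappings"
    PROVISION = "create user entitlements with the LDAP flag set"
    DISABLED = "deleted from LDAP; disabled in MDM, history retained"
    UNKNOWN = "user known to neither system"

@dataclass
class MdmUser:
    name: str
    ldap_flag: bool                      # True: LDAP checks the password
    roles: set = field(default_factory=set)
    enabled: bool = True

# Constructed sample data (hypothetical names and group DNs, not from the product).
ROLE_MAP = {"cn=catmgr,ou=groups": "Category Manager",
            "cn=abm,ou=groups": "Assistant Brand Manager"}
LDAP_DIR = {"alice": {"cn=catmgr,ou=groups"},        # LDAP user, already in MDM
            "carol": {"cn=abm,ou=groups"},           # LDAP user, not yet in MDM
            "dave": {"cn=catmgr,ou=groups"}}         # LDAP roles drifted from MDM
MDM_USERS = {"alice": MdmUser("alice", True, {"Category Manager"}),
             "bob": MdmUser("bob", False, {"Category Manager"}),
             "dave": MdmUser("dave", True, {"Assistant Brand Manager"}),
             "erin": MdmUser("erin", True, {"Category Manager"})}  # gone from LDAP

def resolve(name, mdm_users, ldap_dir, role_map):
    """Decide where authentication runs and apply the entitlement side effects."""
    user = mdm_users.get(name)
    ldap_groups = ldap_dir.get(name)
    if user is not None and not user.ldap_flag:
        return Decision.LOCAL_AUTH           # local user: MDM checks the password
    if user is not None:                     # LDAP flag set: LDAP checks the password
        if ldap_groups is None:
            user.enabled = False             # keep the record for audit/job history
            return Decision.DISABLED
        mapped = {role_map[g] for g in ldap_groups if g in role_map}
        return Decision.LDAP_AUTH if mapped == user.roles else Decision.ROLE_MISMATCH
    if ldap_groups:                          # exists only in LDAP, with a role
        mapped = {role_map[g] for g in ldap_groups if g in role_map}
        mdm_users[name] = MdmUser(name, True, mapped)
        return Decision.PROVISION
    return Decision.UNKNOWN
```

The ROLE_MISMATCH branch is the check worth keeping in a real deployment: a role granted in LDAP that has no matching mapping in MDM Collaboration Server should fail closed rather than silently grant access.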


Last updated: 11 Sep 2017