PeopleSoft Student Administration Integration Pack PeopleBook

Setting Up and Using LDAP Integration

This chapter provides an overview of SAIP LDAP integration and discusses how to:

Set up LDAP integration.
Run an LDAP synchronization.
Manage multitarget integration.

Understanding SAIP LDAP Integration

In addition to the web service support, SAIP provides the ability to provision person, enrollment, and course data to an LDAP directory. This enables applications that cannot consume web services but can read groups from an LDAP directory to be provisioned. The data is fundamentally the same as that which is provisioned via web services. All XML record types are replicated as LDAP directory subtrees. Because common LDAP practice discourages use of object hierarchy within records, there is an additional subtree type of Person Detail which contains a subset of the data that is contained within the Person XML record in the SOAP integration.

With LDAP integration, SAIP generates one or more LDIF files that may be imported into an LDAP directory. The process of generating LDIFs is conceptually similar to running a batch process for SOAP integration, with two important differences. First, the LDIF process is initiated within SAIP rather than by the consuming application. Second, LDAP integration checks the target system when generating an LDIF in order to validate the delta between the two systems.

Note. The Student Administration Integration Pack is a single target (multi-consumer) mechanism, meaning that it is currently designed to produce a single output stream, although multiple applications can consume that output simultaneously. An LDAP directory would be considered a "target" in the same way that an integration gateway would be considered target. Therefore, you can run either the web serviced binding of the SAIP, or the LDAP binding, but you cannot run the two bindings simultaneously. Doing so will produce unpredictable results.

Setting Up LDAP Integration

This section lists prerequisites and discusses how to set up SAIP LDAP integration with a directory that has been added to PeopleSoft.

Prerequisites

Before a directory can be added to SAIP integration, it must first be added to the PeopleSoft installation via the Directory Setup page (PeopleTools, Security, Directory, Configure Directory). Only the information on the Directory Setup need be entered. It is not necessary to cache the directory schema.

The following SAIP services must be enabled in order for LDAP integration to function:

PUBLISHINSTITUTION
PUBLISHACADORG
PUBLISHINSTITUTIONTOTARGET
PUBLISHACADORGTOTARGET
PUBLISHCOURSETEMPLATE
PUBLISHCLASSSECTION
PUBLISHCOMBINEDSECTION
PUBLISHPERSON
PUBLISHSTDNTCAREERTERM
PUBLISHSTUDENTENROLLMENT
PUBLISHTERM

Page Used to Set Up LDAP Integration

Page Name	Definition Name	Navigation	Usage
LDAP Targets	SAE_LDAP_TBL	Set Up SACR, Product Related, SA Integration Pack, Set Up Targets, LDAP Targets	Add an LDAP directory for SAIP integration.

Adding a Directory to SAIP

Once the directory has been added to PeopleSoft, access the LDAP Targets component (Set Up SACR, Product Related, SA Integration Pack, Set Up Targets, LDAP Targets) and add the directory there.

Enter or select the items to use as default settings for your institution's initial and subsequent transfers of data to the external system.

Target ID	Set the ID of the target. Note. The Target ID must be globally unique across both LDAP and web service bindings. Consequently, a link is provided to display web service targets in the event of a naming conflict.
Version	Set the version of the SAIP binding to be used. (There are no differences between SAIP LDAP Version 1.0 and Version 1.5.)
Target Type	Describes the type of target (LDAP or web service).
Person Path	Set the directory path for person entries.
Detail Path	Set the directory path for person detail entries.
Last Sync Person	This field provides the date and time that the last synchronization of person entries was run.
Template Path	Set the directory path for course template entries.
Last Sync Template	This field provides the date and time that the last synchronization of course template entries was run.
Offering Path	Set the directory path for course offering entries.
Last Sync Offering	This field provides the date and time that the last synchronization of course offering entries was run.
Section Path	Set the directory path for course section entries.
Last Sync Section	This field provides the date and time that the last synchronization of course section entries was run.
Association Path	Set the directory path for section association entries.
Last Sync Association	This field provides the date and time that the last synchronization of section association entries was run.
Group Path	Set the directory path for group entries.
Last Sync Group	This field provides the date and time that the last synchronization of group entries was run.
Membership Path	Set the directory path for membership entries.
Last Sync Membership	This field provides the date and time that the last synchronization of membership entries was run.
Delete Type	Select to indicate integration behavior when an entry is deleted in PeopleSoft. Selecting Delete Record will remove the LDAP entry from the directory. Selecting Inactivate Record will update the LDAP entry by setting the appropriate status attribute in the entry to Inactive.

Running an LDAP Synchronization

This section discusses generating LDIF files for import into the target directory.

Page Used to Run LDAP Synchronization

Page Name	Definition Name	Navigation	Usage
LDAP Synchronization	SAE_LDAPRUNCNTL	SA Integration Pack, LDAP Synchronization	Generate an LDIF file based on SAIP data.

Generating the LDIF File

Access the LDAP Synchronization run control page (SA Integration Pack, LDAP Synchronization).

Enter or select the items to use as settings for your institution's transfer of data to the external system.

Target Info	Click this link to access SAE_LDAP_TARGETS, where you can configure the LDAP target.
Directory ID	Select a directory ID from those defined during the setup in the LDAP Targets component.
Synchronization Request Type	Full Synchronization compares all the data that is in scope with the data in the target system and updates the target system by adding any missing entries, deleting or deactivating any removed entries (depending on setup configuration), and updating any changed entries. Incremental Synchronization compares only data that has been changed in PeopleSoft since the last synchronization with the data in the target system and updates the target system accordingly.
Person Extract Option	Based on Usage provides Person data based on the options set in the SAIP Installation page. All Detail provides all Person data available regardless of the options set in the SAIP Installation page. See Setting Default Installation Values.
Synchronize…	Check the box for each directory subtree to be synchronized. One LDIF will be generated containing all of the entries for all of the subtrees selected. Entries will automatically be listed in the proper order required to maintain data integrity. Warning! If LDIFs for subtrees are generated one at a time, they must be created in the proper order.
Update LMS Sent Indicator	Clear this box to prevent the LMS Sent flag from being set after an entry is set. Note. Because the LMS sent flag will not be switched to Y, child entities will not be picked up as in scope until such time as the parent offering LMS Sent flag has been set to Y. It is recommended that you always set LMS Sent to Y in production situations in order to ensure data integrity.
LDIF File Name and Path	Specify the path and name of the LDIF file being generated. Be sure to include the .ldif extension in the file name.

Click Run to bring up the Process Scheduler Request page. Click OK to run the process scheduler. Check the Process Monitor to ensure that the process has completed without errors.

Warning! If the LDAP directory integration has not been set up, or if the LDAP directory is down, the process will fail.

Import the LDIF file into the external system using LDIF import mechanism or tools provided by the maintainers of the LDAP directory.