Understanding the PeopleSoft LDAP Solution

Three PeopleSoft-delivered technologies enable you to:

  • Authenticate against an LDAP V3 compliant directory server.

  • Reuse your existing user profiles stored within LDAP.

The three technologies are:

  • Directory Business Interlink, which exposes the LDAP directory to PeopleCode.

    The system uses it for all communication with the LDAP server process running on a directory server.

  • User Profile Component Interface, which exposes the User Profiles component to PeopleCode.

    The system uses it to programmatically manage a local cache of user profiles.

  • Signon PeopleCode, which runs when a user signs in to the system—similar to the login scripting of most network systems.

    Signon PeopleCode uses the Directory Business Interlink and the User Profile Component Interface to verify directory-based credentials and programmatically create a local User Profiles cache.

The combination of these three technologies provides a flexible way to configure PeopleSoft for integration with your directory server. No set schema is required in the directory. Instead, you can configure and extend the Signon PeopleCode to work with any schema implemented in your directory server.

The topics in this documentation describe setting up the LDAP integration technology on your site. The tasks assume that an LDAP V3 compliant directory service is already installed, and that you intend to import LDAP group values and apply them to PeopleSoft roles.

Note: PeopleTools uses JNDI libraries only. JNDI requires no added installation as it is part of the standard PeopleTools installation. This documentation assumes you have a working knowledge of LDAP-enabled directory servers.

Note: When you enable LDAP authentication, the password column on the PSOPRDEFN record is no longer used. Directory-level users are not authenticated against the PSOPRDEFN table; they are authenticated by Signon PeopleCode. Because Signon PeopleCode only runs on the application server, LDAP authentication requires an application server. That is, LDAP authentication does not work for a two-tier signon.
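The signon flow above, as an added illustration in Python that is not PeopleSoft's Signon PeopleCode and uses none of its APIs: an in-memory stand-in plays the role of the LDAP V3 directory (reached in the real product through the Directory Business Interlink), a second stand-in plays the local user profile cache (managed in the real product through the User Profile Component Interface), and a site-specific table maps LDAP group values to PeopleSoft roles. The directory entries, group DNs and role names are constructed sample data; the `GROUP_TO_ROLE` table and the `signon()`/`run_signon()` helpers are assumptions for this example. Note that the cached profile carries no password field, which is the point of the note above, and that an empty password is rejected before the bind because an LDAP server may treat an empty-password bind as anonymous rather than as a failure.

```python
from dataclasses import dataclass, field

# Constructed stand-in for an LDAP V3 directory: DN -> entry attributes.
# The passwords exist only so the stub can answer a simple bind; a real
# deployment never sees them, it just asks the directory to bind.
FAKE_DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "password": "s3cret",
        "memberOf": ["cn=finance,ou=groups,dc=example,dc=com",
                     "cn=managers,ou=groups,dc=example,dc=com"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "password": "hunter2",
        "memberOf": ["cn=helpdesk,ou=groups,dc=example,dc=com"],
    },
}

# Assumed site configuration: LDAP group DN -> PeopleSoft role name.
GROUP_TO_ROLE = {
    "cn=finance,ou=groups,dc=example,dc=com": "AP Clerk",
    "cn=managers,ou=groups,dc=example,dc=com": "Manager",
    "cn=helpdesk,ou=groups,dc=example,dc=com": "Help Desk",
}


class DirectoryStub:
    """Minimal stand-in for what the Directory Business Interlink exposes."""

    def __init__(self, entries):
        self.entries = entries

    def simple_bind(self, dn, password):
        # Credential check happens here, in the directory, not in PSOPRDEFN.
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search_groups(self, dn):
        return list(self.entries[dn]["memberOf"])


@dataclass
class LocalProfile:
    """One row of the local user profile cache. There is deliberately no
    password attribute: with LDAP authentication the password column is unused."""
    oprid: str
    roles: list = field(default_factory=list)


class ProfileCacheStub:
    """Stand-in for the User Profile Component Interface."""

    def __init__(self):
        self.rows = {}

    def upsert(self, oprid, roles):
        self.rows[oprid] = LocalProfile(oprid, sorted(roles))
        return self.rows[oprid]

    def get(self, oprid):
        return self.rows.get(oprid)


def user_dn(oprid, base="ou=people,dc=example,dc=com"):
    """Assumed schema: the user ID is the uid attribute under a people branch."""
    return f"uid={oprid},{base}"


def signon(directory, cache, oprid, password):
    """Signon flow: reject empty passwords, bind as the user, read group
    values, map them to roles, refresh the local cache. Returns the cached
    profile on success and None on failure (nothing is cached on failure)."""
    if not password:
        return None  # an empty-password bind may be treated as anonymous
    dn = user_dn(oprid)
    if not directory.simple_bind(dn, password):
        return None
    groups = directory.search_groups(dn)
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    return cache.upsert(oprid, roles)


def run_signon(oprid, password):
    """Convenience wrapper: fresh directory and cache per call.
    Returns (profile or None, cache) so callers can inspect both."""
    cache = ProfileCacheStub()
    profile = signon(DirectoryStub(FAKE_DIRECTORY), cache, oprid, password)
    return profile, cache


if __name__ == "__main__":
    for oprid, pwd in [("alice", "s3cret"), ("alice", "wrong"), ("bob", "")]:
        profile, _ = run_signon(oprid, pwd)
        print(oprid, "->", profile)
```

Running the script shows one cache row with roles for alice on a correct password, and no row at all for the failed and empty-password attempts, which is the behaviour to verify when reviewing a real Signon PeopleCode implementation: a failed directory bind must leave no local profile behind.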