Notes:
- In a distributed installation of Primavera Portfolio Management (“Scale Out”), you can use the Active Directory Synchronization Tool from any one of the PPM application servers. This tool is used for one-time, user-driven synchronization with LDAP.
- If you use the Bridge for Project Management Systems or Active Directory Synchronization Tool, when you upgrade your database you will also need to generate a key for encryption. For instructions on how to generate a key, see the Portfolio Management Installation and Configuration Guide.
- Double-click the file psActiveDirectorySync.exe located in the “bin” subfolder of the PPM installation directory. By default, this is located at C:\Program Files\Oracle\Primavera Portfolio Management\Portfolios\bin.
- In the Active Directory pane, enter the following:
Login: The Windows login name of a user with access to the LDAP server
Password: The password of the user with access to the LDAP server.
Server Name: The name of the LDAP server.
LDAP Root Container: The container within LDAP that contains the sub tree of users and user groups relevant to PPM. The container is specified using LDAP syntax such as
cn=container,dc=domain,dc=com. Any object can be specified in this field using this syntax. - In the Primavera Portfolio Management pane, enter the following:
Login: The PPM login name of a user with administrative rights to PPM.
Password: The PPM password of this user.
Ignore PPM Users: A list of PPM login names, separated by semicolons, that will not be synchronized with LDAP. By default, the login name of the PPM System Administrator, “admin”, is listed here, to avoid causing this user to become disabled upon running a LDAP synchronization.
Ignore PPM Groups: A list of PPM group names, separated by semicolons, that will not be synchronized with LDAP. By default, the group name “Administrators” is listed here to avoid causing this group to either get deleted or contain the names of (Windows) Administrators as defined in LDAP.
License Type: The license type that will be assigned to each new user synchronized with LDAP. The options are:
FULL – new users will be assigned full licenses.
READ – new users will be assigned read-only licenses.
FORM – new users will be assigned forms-only licenses.
- When the required information in all fields has been entered, click Synchronize to start the LDAP synchronization process. Click Cancel to exit the tool without performing synchronization.
Note that the information entered in these fields is not saved to the database and does not affect any other, scheduled, LDAP synchronization.