LDAP Integration Overview
This topic provides a high-level overview of the integration process.
At a high level, the base product provides a process to import user group and / or user definitions from an LDAP repository. This is a one-way integration.
- When importing a user, if it is not already found in the system, it will be added; otherwise its attributes will be updated according to the imported information.
- When importing a user group, if it is not already found in the system, it will be added; otherwise its attributes will be updated according to the imported information.
- When importing a user, its user group links will be updated as per the information in the import file. In addition, if there are any user groups linked to the user that are not found in the system, they will be added (however, the other users linked to that group in the LDAP repository will not be added as part of this step).
- When importing a user group, its user links will be updated as per the information in the import file. In addition, if there are any users linked to the user group that are not found in the system, they will be added (however, the other user groups linked to that user in the LDAP repository will not be added as part of this step).
- The import will not cause any deletions of the User or User Group to occur.
A Batch Process Initiates the Import
A batch process is used to initiate the import of information from the LDAP repository. F1-LDAP may be submitted ad hoc or may be set up in a scheduler to periodically re-sync the information from the LDAP repository into the application.
The batch process uses parameters to define how to connect to the LDAP repository. In addition, parameters are used to indicate which user or group is being imported.
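The import rules and the periodic re-sync described above can be modeled in a few lines. This is an added example, not the product's code: the function names, the dictionary layout and the sample directory data are constructed, and it assumes that "links updated" means the user's links mirror the import record. It shows that a linked group is created without its other LDAP members, and that a user removed from LDAP stays in the application after a re-sync, so stale accounts have to be found by a separate reconciliation.

```python
# Toy model of the import rules on this page (not the product's code).
# All names and the sample directory data are constructed for illustration.

def import_user(app, ldap, user_id):
    """Add or update one user; create missing linked groups; delete nothing."""
    entry = ldap["users"][user_id]
    user = app["users"].setdefault(user_id, {})   # add if not found
    user["name"] = entry["name"]                  # otherwise update attributes
    # Assumption: "links updated" means the links mirror the import record.
    user["groups"] = set(entry["groups"])
    for group in entry["groups"]:
        # A missing group is added, but its other LDAP members are not imported.
        app["groups"].setdefault(group, set()).add(user_id)
    for group, members in app["groups"].items():
        if group not in entry["groups"]:
            members.discard(user_id)              # link removed, group record kept

def resync(app, ldap):
    """Periodic re-sync: import every user that currently exists in LDAP."""
    for user_id in ldap["users"]:
        import_user(app, ldap, user_id)

def stale_users(app, ldap):
    """Application users with no LDAP entry; the import never removes these."""
    return sorted(set(app["users"]) - set(ldap["users"]))

def demo():
    ldap = {"users": {
        "ALICE": {"name": "Alice A", "groups": ["BILLING", "ADMIN"]},
        "BOB": {"name": "Bob B", "groups": ["BILLING"]},
    }}
    app = {"users": {}, "groups": {}}
    import_user(app, ldap, "ALICE")               # single-user import
    after_first = {g: sorted(m) for g, m in app["groups"].items()}
    resync(app, ldap)                             # full sync brings in BOB
    del ldap["users"]["BOB"]                      # BOB is deprovisioned in LDAP
    ldap["users"]["ALICE"]["groups"] = ["BILLING"]
    resync(app, ldap)
    return after_first, app, stale_users(app, ldap)

if __name__ == "__main__":
    first, state, stale = demo()
    print("groups after first import:", first)
    print("stale application users:", stale)
```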
Adjusting Data to Import
The system provides several mechanisms for adjusting data that is being added to the system:
- There is an LDAP Import Preprocess algorithm plug-in spot on the installation record. Algorithms plugged in here are called by the batch process prior to the add or update of any records. It may be used to make adjustments to the data before doing updates in the application.
- Specifically for creating or updating Users, the F1-IDMUser business object is used to add and create the user. The standard BO Preprocessing algorithm plug-in spot may be used to adjust data prior to creation. Note that the system does not support defining a characteristic to support a template user that can aid in populating configuration for a new user. However, this integration can take advantage of using a default template user as an algorithm parameter. Refer to Template User for more information.
- The LDAP mapping file supports some attributes to perform simple modifications to data.
  - The transform attribute supports values to truncate values or to convert data to upper case.
  - The autoGenerate attribute is specific to the User ID field. Setting this to true will trigger code that will automatically populate the User ID based on the user’s name. Refer to LDAP Mapping for more information.
Performing Additional Processing After Import
The system provides a plug-in spot on the installation record called LDAP Import. Algorithms plugged into this spot are called after users or user groups have been added or updated. It may be used to perform any extra processing that may need to be executed.