Host name or IP address of the Active Directory server.
To configure Kerberos cross realm authentication, connect to the Active Directory global catalog host. Specify the fully qualified hostname. For example:
Listening port for the Active Directory server.
The default is 389. The default SSL port is 636.
To configure Kerberos cross realm authentication, connect to the Active Directory global catalog port. The default is 3268. The default SSL port is 3269.
LDAP Directory Service
Select Microsoft Active Directory Service.
Specify the bind user account you created in Active Directory to synchronize accounts in Active Directory with the LDAP security domain.
Because the domain is enabled for Kerberos authentication, you do not have the option to provide a password for the account.
If the domain uses Kerberos cross realm authentication, include the name of the realm to which the Active Directory principal database belongs.
Use SSL Certificate
Indicates that the LDAP server uses the Secure Socket Layer (SSL) protocol.
Trust LDAP Certificate
Determines whether the Service Manager can trust the SSL certificate of the LDAP server. If selected, the Service Manager connects to the LDAP server without verifying the SSL certificate, so it cannot confirm that it is connected to the intended LDAP server. If not selected, the Service Manager verifies that the SSL certificate is signed by a certificate authority before connecting to the LDAP server.
Not Case Sensitive
Indicates that the Service Manager must ignore case sensitivity for distinguished name attributes when assigning users to groups.
Group Membership Attribute
Name of the attribute that contains group membership information for a user. This is the attribute in the LDAP group object that contains the DNs of the users or groups who are members of a group. For example, member or memberof.
Maximum number of user accounts to import into a security domain. For example, if the value is set to 100, you can import a maximum of 100 user accounts into the security domain.
If the number of users to be imported exceeds the value for this property, the Service Manager generates an error message and does not import any users. Set this property to a higher value if you have many users to import.
Default is 1000.
Name of the LDAP security domain into which you want to import user accounts from Active Directory.
User search base
Distinguished name (DN) of the entry that serves as the starting point to search for user names in Active Directory. The search finds an object in the directory according to the path in the distinguished name of the object.
For example, to search the USERS container that contains Informatica user accounts in the example.com Windows domain, specify CN=USERS,DC=EXAMPLE,DC=COM.
An LDAP query string that specifies the criteria for searching for users in the directory service. The filter can specify attribute types, assertion values, and matching criteria.
For example: (objectclass=*) searches all objects. (&(objectClass=user)(!(cn=susan))) searches all user objects except “susan”. For more information about search filters, see the documentation for the LDAP directory service.
Group search base
Distinguished name (DN) of the entry that serves as the starting point to search for group names in the LDAP directory service.
An LDAP query string that specifies the criteria for searching for groups in the directory service.
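The following sketch is an added example, not Informatica code. It previews which directory entries a given user search base and user filter would select, and applies the all-or-nothing maximum size rule described above. The entries are constructed sample data, the function names are hypothetical, and only equality and presence (=*) comparisons are supported.

```python
import re
# Constructed sample entries for illustration; not from a real directory.
ENTRIES = [
    {"dn": "CN=susan,CN=USERS,DC=EXAMPLE,DC=COM", "objectClass": ["user"], "cn": ["susan"]},
    {"dn": "CN=raj,CN=USERS,DC=EXAMPLE,DC=COM", "objectClass": ["user"], "cn": ["raj"]},
    {"dn": "CN=Admins,CN=USERS,DC=EXAMPLE,DC=COM", "objectClass": ["group"], "cn": ["Admins"]},
    {"dn": "CN=lee,OU=Staff,DC=EXAMPLE,DC=COM", "objectClass": ["user"], "cn": ["lee"]},
]
COMPARISON = re.compile(r"([A-Za-z0-9;-]+)=([^()]*)\)")  # equality or presence (=*) only

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter")
        return (op, kids), i + 1
    m = COMPARISON.match(f, i)
    if not m:
        raise ValueError(f"malformed comparison at offset {i}")
    return ("=", m.group(1).lower(), m.group(2).lower()), m.end()

def matches(node, entry):
    """Evaluate a parsed filter against one entry, ignoring case."""
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = [v.lower() for k, vs in entry.items() if k != "dn" and k.lower() == attr for v in vs]
    return bool(values) if value == "*" else value in values

def preview_import(base_dn, user_filter, max_size=1000, entries=ENTRIES):
    """Return DNs under base_dn matching user_filter; raise if over max_size."""
    tree, end = parse(user_filter + "\0")  # sentinel turns truncation into ValueError
    if end != len(user_filter):
        raise ValueError("trailing characters after filter")
    suffix = "," + base_dn.lower()  # simplification: plain string suffix, no DN normalisation
    hits = [e["dn"] for e in entries if ("," + e["dn"].lower()).endswith(suffix) and matches(tree, e)]
    if len(hits) > max_size:  # per the page: error, and no user is imported
        raise OverflowError(f"{len(hits)} users exceed maximum size {max_size}")
    return hits
```

With the sample data, (objectclass=*) under CN=USERS,DC=EXAMPLE,DC=COM also returns the Admins group object, which is why a filter restricted to user objects is the safer choice for the user filter.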