Setting Up an LDAP Security Domain
You can create an LDAP security domain for user accounts that you import from an LDAP directory service. To organize different groups of users, you can create multiple LDAP security domains.
You create and manage LDAP users and groups in the LDAP directory service. Set up a connection to the LDAP server and use search filters to specify the users and groups that can have access to the Informatica domain. Then import the user accounts into LDAP security domains. If the LDAP server uses the SSL protocol, you must also specify the location of the SSL certificate.
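The following added example (not part of the Informatica documentation) shows how a search filter narrows the set of accounts that an import would select. It builds a standard RFC 4515 filter string, escapes the special characters in a group DN, and evaluates the filter against constructed Active Directory-style entries; the group DN, account names, and helper function names are assumptions made for illustration.

```python
# Added example: build an RFC 4515 search filter and preview what it selects.
# All DNs, account names and directory entries below are constructed sample data.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def render(node):
    """Turn a filter tree into its RFC 4515 string form."""
    op = node[0]
    if op == "eq":
        return "(%s=%s)" % (node[1], escape_value(node[2]))
    if op == "and":
        return "(&%s)" % "".join(render(n) for n in node[1:])
    raise ValueError("unsupported operator: %r" % (op,))

def matches(node, entry):
    """Evaluate the tree against one entry (case-insensitive; a simplification)."""
    op = node[0]
    if op == "eq":
        wanted = node[2].lower()
        return any(v.lower() == wanted for v in entry.get(node[1], []))
    if op == "and":
        return all(matches(n, entry) for n in node[1:])
    raise ValueError("unsupported operator: %r" % (op,))

def scoped_filter(group_dn):
    """Select only user entries that are direct members of one group."""
    return ("and", ("eq", "objectClass", "user"), ("eq", "memberOf", group_dn))

def preview(node, entries):
    """Return the account names the filter would select from the entries."""
    return [e["sAMAccountName"][0] for e in entries if matches(node, e)]

GROUP_DN = "CN=ETL Developers (Prod),OU=Groups,DC=example,DC=com"
USER = ["top", "person", "user"]
ENTRIES = [
    {"sAMAccountName": ["asmith"], "objectClass": USER, "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["svc-backup"], "objectClass": USER,
     "memberOf": ["CN=Service Accounts,OU=Groups,DC=example,DC=com"]},
    {"sAMAccountName": ["bjones"], "objectClass": USER, "memberOf": []},
]

if __name__ == "__main__":
    broad = ("eq", "objectClass", "user")
    scoped = scoped_filter(GROUP_DN)
    for f in (broad, scoped):
        print(render(f), "->", preview(f, ENTRIES))
```

The broad filter selects every user entry, including the service account, while the group-scoped filter selects only the intended member.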
You can import users from the following LDAP directory services:
IBM Tivoli Directory Server
Microsoft Active Directory
Sun Java System Directory Server
If you use Kerberos authentication, you can only import users from Microsoft Active Directory.
After you import users into an LDAP security domain, you can assign roles, privileges, and permissions to the users. You can assign LDAP user accounts to native groups to organize them based on their roles in the Informatica domain.
You cannot use the Administrator tool to create, edit, or delete users and groups in an LDAP security domain. You must make changes to LDAP users and groups in the LDAP directory service, then synchronize the LDAP security domain with the LDAP directory service.
Use the LDAP Configuration dialog box to set up the connection to the LDAP directory service and create the LDAP security domain. You can also use the LDAP Configuration dialog box to set up a synchronization schedule.
To set up the LDAP security domain, perform the following steps:
1. Set up the connection to the LDAP directory service.
2. Configure a security domain.
3. Schedule the synchronization times.