Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Configure the Security Domain

Configure the Security Domain

Create an LDAP security domain for each set of user accounts and groups you want to import from the LDAP directory service. Set up search bases and filters to define the set of user accounts and groups to include in a security domain.
The names of users and groups to be imported from the LDAP directory service must conform to the same rules as the names of native users and groups. The Service Manager does not import LDAP users or groups if names do not conform to the rules of native user and group names. Note that unlike native user names, LDAP user names can be case sensitive.
The Service Manager uses the user search bases and filters to import user accounts and the group search bases and filters to import groups. The Service Manager uses the filters to imports groups and the list of users that belong to each group.
If you modify the LDAP connection properties to connect to a different LDAP server, the Service Manager does not delete the existing security domains. You must ensure that the LDAP security domains are correct for the new LDAP server. Modify the user and group filters in the security domains or create additional security domains so that the Service Manager correctly imports the users and groups that you want to use in the Informatica domain.
To configure an LDAP security domain, perform the following steps:
  1. In the Administrator tool, click the
    Security
    tab.
  2. Click the
    Actions
    menu, and then select
    LDAP Configuration
    .
  3. In the
    LDAP Configuration
    dialog box, click the
    Security Domains
    tab.
  4. Click
    Add
    .
    The following table describes the filter properties that you can set for a security domain:
    Property
    Description
    Security Domain
    Name of the LDAP security domain. The name is not case sensitive and must be unique within the domain. The string cannot exceed 128 characters or contain the following special characters:
    , + / < > @ ; \ % ?
    The name can contain an ASCII space character except for the first and last character. All other space characters are not allowed.
    User search base
    Distinguished name (DN) of the entry that serves as the starting point to search for user names in the LDAP directory service. The search finds an object in the directory according to the path in the distinguished name of the object.
    For example, in Microsoft Active Directory, the distinguished name of a user object might be cn=UserName,ou=OrganizationalUnit,dc=DomainName, where the series of relative distinguished names denoted by dc=DomainName identifies the DNS domain of the object.
    User filter
    An LDAP query string that specifies the criteria for searching for users in the directory service. The filter can specify attribute types, assertion values, and matching criteria.
    For example:
    (objectclass=*)
    searches all objects.
    (&(objectClass=user)(!(cn=susan)))
    searches all user objects except “susan”. For more information about search filters, see the documentation for the LDAP directory service.
    Group search base
    Distinguished name (DN) of the entry that serves as the starting point to search for group names in the LDAP directory service.
    Group filter
    An LDAP query string that specifies the criteria for searching for groups in the directory service.
  5. Click
    Preview
    to view a subset of the list of users and groups that fall within the filter parameters.
    If the preview does not display the correct set of users and groups, modify the user and group filters and search bases to get the correct users and groups.
  6. To immediately synchronize the users and groups in the security domains with the users and groups in the LDAP directory service, click
    Synchronize Now
    .
    The Service Manager synchronizes the users in all the LDAP security domains with the users in the LDAP directory service. The time it takes for the synchronization process to complete depends on the number of users and groups to be imported.
  7. Click
    OK
    to save the security domain.


Updated June 26, 2020