Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • PowerCenter 10.4.0
  • All Products

Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Back Next

Create the LDAP Configuration and Configure the LDAP Server Connection

Create the LDAP Configuration and Configure the LDAP Server Connection

Create the LDAP configuration and configure the connection to the LDAP server that contains the directory service from which you want to import the user accounts.
When you configure the connection to the LDAP server, indicate that the Service Manager must ignore the case sensitivity of the distinguished name attributes of the LDAP user accounts when it assigns users to groups in the Informatica domain. If the Service Manager does not ignore case sensitivity, the Service Manager might not assign all the users that belong to a group.
If the LDAP server uses SSL, you must import the certificate used by each domain node into the
cacerts
 truststore file on a gateway node domain. You then copy the
cacerts
 file that contains the imported certificates to the same directory on every node in the domain. For more information, see Using a Self-Signed SSL Certificate.
To set up a connection to the LDAP directory service, perform the following tasks:
  1. In the Administrator tool, click the
    Security
     tab.
  2. Click the
    LDAP Configuration
     tab.
  3. Click the
    Actions
     menu, and then and select
    Create LDAP Configuration
    .
  4. In the
    Create LDAP Configuration
     dialog box, click the
    LDAP Connectivity
     tab.
  5. Configure the connection properties for the LDAP server.
    You might need to consult the LDAP administrator to get the information needed to connect to the LDAP server.
    The following table describes the LDAP server configuration properties:
    Property
    Description
    LDAP Configuration Name
    Name of the LDAP configuration.
    Server Name
    Host name or IP address of the machine hosting the LDAP directory service.
    Port
    Listening port for the LDAP server. This is the port number to communicate with the LDAP directory service. Typically, the LDAP server port number is 389. If the LDAP server uses SSL, the LDAP server port number is 636. The maximum port number is 65535.
    LDAP Directory Service
    Type of LDAP directory service.
    If you use Kerberos authentication, you must select Microsoft Active Directory Service.
    Name
    Distinguished name (DN) for the principal user. The user name often consists of a common name (CN), an organization (O), and a country (C). The principal user name is an administrative user with access to the directory. Specify a user that has permission to read other user entries in the LDAP directory service.
    To connect to Azure Active Directory, specify the User Principal Name (UPN) for the principal user.
    Password
    Password for the principal user. Leave blank for anonymous log in.
    Use SSL Certificate
    Indicates that the LDAP server uses the Secure Socket Layer (SSL) protocol.
    Trust LDAP Certificate
    Determines whether the Service Manager can trust the SSL certificate of the LDAP server. If selected, the Service Manager connects to the LDAP server without verifying the SSL certificate. If not selected, the Service Manager verifies that the SSL certificate is signed by a certificate authority before connecting to the LDAP server.
    Not Case Sensitive
    Indicates that the Service Manager must ignore case sensitivity for distinguished name attributes when assigning users to groups.
    Group Membership Attribute
    Name of the attribute that contains group membership information for a user. This is the attribute in the LDAP group object that contains the DNs of the users or groups who are members of a group. For example,
    member
     or
    memberof
    .
    Maximum Size
    Maximum number of user accounts to import into a security domain. For example, if the value is set to 100, you can import a maximum of 100 user accounts into the security domain.
    If the number of user to be imported exceeds the value for this property, the Service Manager generates an error message and does not import any user. Set this property to a higher value if you have many users to import.
    Default is 1000.
  6. Click
    Test Connection
     to verify that the connection to the LDAP server is valid.
  7. Click
    OK
     to save the LDAP configuration.
0 COMMENTS
We’d like to hear from you!