You must create an LDAP security domain if you configure an Informatica domain to use Kerberos authentication. When you install Informatica services and enable Kerberos authentication, the Informatica installer creates an LDAP security domain with the name of the Kerberos realm that you specify during installation.
When you create an LDAP security domain, you configure search bases and filters that define the set of LDAP user accounts and groups to include in the security domain. The Service Manager uses the security domain configuration to import or synchronize users and groups in the security domain with users and groups in the LDAP directory service.
The Service Manager uses the following criteria when it imports or synchronizes users and groups within an LDAP security domain:
The Service Manager uses the user search bases and filters to import user accounts.
The Service Manager uses the group search bases and filters to import groups.
The Service Manager imports the groups that are included in the group filter and the user accounts that are included in the user filter.