LDAP authentication in PowerExchange involves PowerExchange and LDAP components.
The following image shows the main components that are involved in LDAP user authentication in PowerExchange:
PowerExchange Listener or Logger
The PowerExchange Listener or the PowerExchange Logger for Linux, UNIX, and Windows receives the credentials of the PowerExchange user from the client program and issues the following calls to the LDAP server:
1. Bind the search user. The PowerExchange Listener or PowerExchange Logger uses the search user to connect to the LDAP server.
2. Search for the PowerExchange user.
3. Bind the PowerExchange user.
The following PowerExchange Listener clients can use LDAP authentication:
- PowerCenter workflow or mapping with a PowerExchange source or target
- PowerExchange Navigator
- pwxcmd commands that connect to the PowerExchange Listener through the SVCNODE port
The following PowerExchange Logger clients can use LDAP authentication:
- pwxcmd commands that connect to the PowerExchange Logger through the SVCNODE port
PowerExchange user credentials
A client program sends the user ID and password of the PowerExchange user to the PowerExchange Listener or PowerExchange Logger.
Configuration files
The PowerExchange Listener or PowerExchange Logger reads LDAP configuration information from the DBMOVER configuration file.
If you configure PowerExchange to use the Transport Layer Security (TLS) protocol to encrypt communications between PowerExchange and the LDAP server, PowerExchange uses keystore and truststore files to authenticate the LDAP client or server.
LDAP client libraries
The LDAP client libraries provide an interface between the PowerExchange Listener or Logger and the LDAP server.
LDAP server
The LDAP server receives and executes the calls that the PowerExchange Listener or PowerExchange Logger issues to bind the search user, search for the PowerExchange user, and bind the PowerExchange user.
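The three calls described above (bind the search user, search for the PowerExchange user, bind the PowerExchange user) are sketched below as an added example; it is not PowerExchange code. The `uid` attribute, the DNs, the passwords and the in-memory `FakeDirectory` that stands in for the LDAP server are all constructed assumptions.

```python
# Added illustration of the bind / search / bind sequence; not PowerExchange code.
# FakeDirectory is a constructed in-memory stand-in for an LDAP server.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before placing input in a filter."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


class FakeDirectory:
    """Constructed sample data: DN -> (uid, password)."""
    ENTRIES = {
        'cn=pwxsearch,ou=svc,dc=example,dc=com': ('pwxsearch', 'search-secret'),
        'cn=Alice,ou=people,dc=example,dc=com': ('alice', 'alice-secret'),
        'cn=Bob,ou=people,dc=example,dc=com': ('bob', 'bob-secret'),
    }

    def bind(self, dn, password):
        # As on many real servers, an empty password gives a successful
        # unauthenticated bind (RFC 4513), which proves nothing about the user.
        if password == '':
            return True
        entry = self.ENTRIES.get(dn)
        return entry is not None and entry[1] == password

    def search(self, ldap_filter):
        # Minimal matcher for "(uid=<value>)"; a bare * matches every entry.
        value = ldap_filter[len('(uid='):-1]
        return [dn for dn, (uid, _) in self.ENTRIES.items()
                if value == '*' or value == uid]


def authenticate(directory, search_dn, search_pw, user_id, password):
    if not user_id or not password:        # refuse empty credentials up front
        return False
    if not directory.bind(search_dn, search_pw):     # call 1: bind the search user
        raise RuntimeError('search user bind failed')
    ldap_filter = '(uid=%s)' % escape_filter_value(user_id)
    matches = directory.search(ldap_filter)          # call 2: search for the user
    if len(matches) != 1:                  # unknown or ambiguous user
        return False
    return directory.bind(matches[0], password)      # call 3: bind the user
```

The empty-password check and the exactly-one-match check are the two places where this sequence most often fails open in a client implementation.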