Administrator Guide

Sync with LDAP Server Job

The Sync with LDAP Server job synchronizes users between the LDAP directory service and Data Archive. Use the job to create users in Data Archive. Run the job when you initially set up LDAP authentication and after you create additional users in the LDAP directory service.
If you enable LDAP authentication, you must create and maintain users in the LDAP directory service and use the job to create user accounts in Data Archive. Run the job once for each group base that you want to synchronize.
When you run the job, the job uses the LDAP properties that are configured in the conf.properties file to connect to the LDAP directory service. If you specify the group base and the group filter in the job parameters, the job finds all of the users within the group and any nested groups. The job compares the users to users in Data Archive. If a user is in the group, but not in Data Archive, then the job creates a user account in Data Archive.
If you enabled role assignment synchronization, the job checks the security groups that the user is assigned to, including nested groups. The job matches the security group names to the names of the system-defined or Data Vault access role names. If the names are the same, the job adds the role to the user account in Data Archive. Data Archive automatically synchronizes any subsequent changes to security group assignments when users log in to Data Archive.
After the job creates users in Data Archive, any additional changes to users in the LDAP directory service, such as changes to user properties like email addresses or to role assignments, are automatically synchronized when users log in to Data Archive.
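
The behavior described above can be previewed before running the job. The following is an added example, not Data Archive code: a dry-run model that expands a group base through nested groups, lists the accounts that would be created, and shows which roles a name match would add. The group names, role names, and the exact, case-sensitive name comparison are assumptions, and the sample directory is constructed.

```python
"""Dry-run model of a group-base sync: accounts to create and roles a name match adds."""

# Constructed sample data. Group and role names are placeholders, not product values.
GROUPS = {
    "archive-users": ["alice", "bob", "Role-A"],
    "Role-A": ["carol", "contractors"],   # a group nested under a role-named group
    "contractors": ["dave", "Role-A"],    # membership cycle, must not loop forever
    "Role-B": ["alice"],
}
EXISTING_USERS = {"alice"}          # accounts already present in the application
ROLE_NAMES = {"Role-A", "Role-B"}   # hypothetical access role names


def expand(group, groups, seen=None):
    """Return all users in a group and its nested groups, tolerating cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, []):
        if member in groups:                      # member is itself a group
            users |= expand(member, groups, seen)
        else:
            users.add(member)
    return users


def roles_for(user, groups, role_names):
    """Roles whose name equals a group the user is in, directly or through nesting."""
    return {g for g in groups if g in role_names and user in expand(g, groups)}


def plan_sync(group_base, groups, existing, role_names):
    """Return (accounts to create, {user: roles to add}) without changing anything."""
    in_scope = expand(group_base, groups)
    to_create = sorted(in_scope - existing)
    roles = {u: sorted(roles_for(u, groups, role_names)) for u in sorted(in_scope)}
    return to_create, roles


if __name__ == "__main__":
    create, roles = plan_sync("archive-users", GROUPS, EXISTING_USERS, ROLE_NAMES)
    print("create:", create)
    for user, assigned in roles.items():
        print(user, "->", assigned)
```

In the sample, dave receives Role-A only because contractors is nested under the role-named group, which is the kind of indirect grant worth reviewing in the directory before enabling role assignment synchronization.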
