The Sync with LDAP Server job synchronizes users between the LDAP directory service and Data Archive. Use the job to create users in Data Archive. Run the job when you initially set up LDAP authentication and after you create additional users in the LDAP directory service.
If you enable LDAP authentication, you must create and maintain users in the LDAP directory service and use the job to create user accounts in Data Archive. Run the job once for each group base that you want to synchronize.
When you run the job, the job uses the LDAP properties that are configured in the conf.properties file to connect to the LDAP directory service. If you specify the group base and the group filter in the job parameters, the job finds all of the users within the group and any nested groups. The job compares the users to users in Data Archive. If a user is in the group, but not in Data Archive, then the job creates a user account in Data Archive.
If you enabled role assignment synchronization, the job checks the security groups that the user is assigned to, including nested groups. The job matches the security group names to the names of the system-defined or Data Vault access roles. If the names are the same, the job adds the role to the user account in Data Archive. Data Archive automatically synchronizes any subsequent changes to security group assignments when users log in to Data Archive.
After the job creates users in Data Archive, any additional changes to users in the LDAP directory service are automatically synchronized when users log in to Data Archive. For example, changes to user properties, such as email addresses, or to role assignments are synchronized at login.
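The following is an added example, not Data Archive code. It models the user and role matching described above so that you can review which accounts would be created and which roles would be granted through nested groups before you run the job. The directory contents, the user, group, and role names, the exact-match name comparison, and the choice to report roles for every user under the group base are assumptions made for the illustration.

```python
# Constructed sample data; group, user and role names are hypothetical.
# A member that is also a key in GROUPS is treated as a nested group.
GROUPS = {
    "ArchiveUsers": ["alice", "Contractors", "ExampleAdminRole"],
    "Contractors": ["carol"],
    "ExampleAdminRole": ["bob", "Contractors"],  # nesting: contractors inherit it
    "ExampleViewerRole": ["alice"],
    "Unrelated": ["dave"],
}
EXISTING_USERS = {"alice"}  # accounts already present in the application
ROLE_NAMES = {"ExampleAdminRole", "ExampleViewerRole"}  # assumed role names


def resolve_users(group, groups, seen=None):
    """Return every user in `group`, following nested groups; cycles are skipped."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, []):
        if member in groups:
            users |= resolve_users(member, groups, seen)
        else:
            users.add(member)
    return users


def groups_of(user, groups):
    """Return every group the user belongs to, directly or through nesting."""
    return {g for g in groups if user in resolve_users(g, groups)}


def plan_sync(group_base, groups, existing, role_names):
    """Return (accounts to create, {user: roles granted by group-name match})."""
    members = resolve_users(group_base, groups)
    to_create = sorted(members - existing)
    # Assumption: a role is granted when a group name equals a role name exactly.
    grants = {u: sorted(groups_of(u, groups) & role_names) for u in sorted(members)}
    return to_create, grants


if __name__ == "__main__":
    create, grants = plan_sync("ArchiveUsers", GROUPS, EXISTING_USERS, ROLE_NAMES)
    print("accounts to create:", create)
    for user, roles in grants.items():
        print(f"{user}: {roles}")
```

In this sample, carol is a direct member only of Contractors but receives ExampleAdminRole because Contractors is nested inside the group whose name matches the role.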