Preface
Starting Data Archive
- Starting the ILM Application Server
- Configure Proxy Server Settings
- Logging In to Data Archive
System Configuration
- System Configuration Overview
- Conf.properties File
- System Profile
- Email Notification
  - Test Email Server Configuration Job
  - Setting Up Email Notification
- Environment Variables
Database Users and Privileges
- Database Users and Privileges Overview
- Database Users
- IBM DB2 Privileges
- SAP Application Retirement Privileges
  - ZINFA_RETIREMENT_PREPARATION Role
Source Connections
- Source Connections Overview
- Source Database Requirements
- Connection Properties
  - General Connection Properties
- IBM DB2 Source Connections
- Binding Packages on IBM DB2
- Generic JDBC Source Connections
  - Uploading JDBC Driver JAR Files
  - Generic JDBC Connection Properties
- Informix Source Connections
- Legacy Adapter Connection
- Microsoft SQL Server Source Connections
  - Creating an SSL Connection
- MongoDB Source Connections
- Netezza Source Connections
- Oracle Source Connections
- PowerExchange ODBC Connections
- Salesforce Source Connections
- Sybase Source Connections
- Teradata Source Connections
- Creating a Source Connection
- Copying a Source Connection
- Database User Password Changes
  - Properties File
  - Changing Database User Passwords
Target Connections
- Target Connections Overview
- Target Database Requirements
- Connection Properties
  - General Connection Properties
- IBM DB2 Target Connections
- Informix Target Connections
- Microsoft SQL Server Target Connections
  - Creating an SSL Connection
- Data Vault Target Connections
  - Archive Store Properties
- Oracle Target Connections
- Teradata Target Connections
- Netezza Target Connections
- Creating a Target Connection
- Copying a Target Connection
- Database User Password Changes
  - Properties File
  - Changing Database User Passwords
Archive Store Configuration
- Archive Store Configuration Overview
- EMC Centera and EMC Atmos Configuration
- Hitachi Content Platform Configuration
- Hadoop Distributed File System Configuration
- Microsoft Azure Storage Configuration
Datatype Mapping
- Datatype Mapping from Source to Archive Overview
- Datatype Mapping Interface
- Data Vault Datatypes
- IBM DB2 Source Databases
- Custom Datatypes
- SAP Datatypes
- Unsupported Datatype Mappings
- Mapping a Custom Datatype to an Archive Datatype
- Out-of-Range Data Replacement
  - Configuration for Out-of-Range Data Replacement
  - Examples for Out-of-Range Data Replacement
Database Optimization
- Database Optimization Overview
- IBM DB2 Native Utilities
- Teradata Native Utilities
SAP Application Retirement
- SAP Application Retirement Overview
- SAP Application Retirement Architecture Options
- Setting Up SAP Application Retirement
- Step 1. Install the SAP Java Connector
- Step 2. Apply the SAP Transports
- Step 3. Assign Roles
- Step 4. Configure Conf.Properties
- Step 5: Set up the FTP or NFS Connection
  - Creating the FTP Connection
  - Creating the NFS Mount
z/OS Source Data Retirement
- z/OS Source Data Retirement Overview
- Implementation Example
- Prerequisites
- Step 2. Create PowerExchange Data Maps
- Step 3. Configure PowerExchange ODBC Data Sources on the Data Archive Server
  - Configure ODBC Data Sources on Linux or UNIX
  - Configure ODBC Data Sources on Windows
- Step 4. Import z/OS Metadata
- Step 5. Define and Run the Retirement Project
Seamless Data Access
- Seamless Data Access Overview
- Seamless Access for IBM DB2
  - Create Seamless Data Access Script Job
    - Create Seamless Data Access Script Job Parameters
  - Configuring Seamless Access for IBM DB2
- Seamless Access for Oracle
- Seamless Access for PeopleSoft
- Seamless Access for PeopleSoft on IBM DB2
Data Discovery Portal
- Data Discovery Portal Overview
- Search Data Vault
  - Setting up Search Data Vault
  - Maintaining Search Indexes
- Search Within an Entity in Data Vault
  - Step 1. Define Search Options
    - Editing Search Options
  - Step 2. Specify Number of Records in Results
    - Editing the Default Maximum Records in Results Value
- Masking Sensitive Information in Data Vault
  - Enabling Dynamic Data Masking
- Integration with E-Discovery Solutions
  - In-Place Preservation for Data Vault Through Exterro Fusion
    - Integrating Data Archive and Exterro Fusion
    - Troubleshooting Legal Holds Applied from the Exterro Fusion Interface
- Accessing Archive Data from an External Application
Security
- Security Overview
- Users
  - User Properties
  - Password Management
- User Management
- System-Defined Roles
  - System-Defined Roles and Privileges
  - User Reports for System-Defined Roles
- Data Vault Access Roles
- Security Groups
  - Security Group Properties
  - Creating Security Groups
SSL Communication with Data Vault
- SSL Communication with Data Vault Overview
- Creating a Certificate and TrustStore
- Updating Conf.Properties
- Modifying the StartApplimation File
- Creating a Generic JDBC Source Connection
- Importing Data Vault Table Metadata with SSL Enabled
- Updating JReport Designer
LDAP User Authentication
- LDAP User Authentication Overview
- User Synchronization
  - Nested Group Synchronization for Users
- Data Archive Roles and LDAP Security Groups
  - Technical Names for System-Defined Roles
- Role Assignments
- Role Assignment Synchronization
  - Nested Group Synchronization for Role Assignments
- Sync with LDAP Server Job
  - Sync with LDAP Server Job Parameters
- Troubleshooting the Sync with LDAP Server Job
- Setting Up LDAP User Authentication
- LDAP User Authentication Maintenance
- Single Sign-On
Auditing
- Auditing Overview
- Audit Levels
- Configuring Audit Logs
- Archiving Audit Logs
- Viewing Audit Logs
- Exporting Audit Logs
- Purging Audit Logs
Running Jobs from External Applications
- Running Jobs from an External Application Overview
- Job Handler JSP
- Job Handler JSP Job Parameters
- Run Update Retention JSP
- Run Definition JSP
- Legal Hold API
- Step 1. Configure Security
- Step 2. Form the Legal Hold URL
- Step 3. Add the URL to the External Application Code
- Step 4. Form the URL that Calls GetJobStatus.jsp
  - Forming the URL that Calls GetJobStatus.jsp
  - Example
- Step 5. Add the URL to the External Application Code
- File Archive Transaction Restore API
- Step 1. Configure Security
- Step 2. Create the File Archive Transaction Restore API Definition
- Step 3. Form the File Archive Transaction Restore URL
  - File Archive Transaction Restore URL Syntax
  - Forming the URL for the File Archive Transaction Restore API
- Step 4. Add the URL to the External Application Code
- API Authentication
Salesforce Archiving Administrator Tasks
- Salesforce Archiving Administrator Tasks Overview
- Configure Salesforce Permissions
Upgrading Oracle History Data
- Upgrading Oracle History Data Overview
- Upgrading Oracle History Data Prerequisites
- Steps to Upgrade the History Data
- Step 1. Run the History Upgrade Scripts
  - History Upgrade Scripts Parameters
  - Running the History Upgrade Scripts
- Step 2. Run the Create History Table Job with the Original Source
  - Running the Create History Table Job
- Step 3. Update the Application Version for Source and Target Connections
  - Updating the Application Version for Source and Target Connections
- Step 4. Run the Create History Table Job with the Updated Source
  - Running the Create History Table Job
- Step 5. Run the Seamless Data Access Job for the Updated Source
  - Running the Seamless Data Access Job
- Step 6. Run the Create Indexes Job
  - Running the Create Indexes Job
- Step 7. Gather Database Statistics
Upgrading PeopleSoft History Data
- Upgrading PeopleSoft History Data Overview
- Upgrading PeopleSoft History Data Prerequisites
- Steps to Upgrade the History Data
- Step 1. Run the History Upgrade Scripts
  - Running the History Upgrade Scripts
    - Original Application Changes Script Example
    - Updated Application Changes Script Example
- Step 2. Run the Create History Table Job with the Original Source
  - Running the Create History Table Job
- Step 3. Update the Application Version for Source and Target Connections
  - Updating the Application Version for Source and Target Connections
- Step 4. Run the Create History Table Job with the Updated Source
  - Running the Create History Table Job
- Step 5. Run the Seamless Data Access Job for the Updated Source
  - Running the Seamless Data Access Job
- Step 6. Run the Create Indexes Job
  - Running the Create Indexes Job
- Step 7. Gather Database Statistics
Data Archive Maintenance
- Data Archive Maintenance Overview
  - Data Archive Component Integration
- Backing up Data Archive Components
- Maintaining the Data Vault Repository
Appendix A: Datetime and Numeric Formatting
- Datetime and Numeric Formatting Overview
- Datetime Format Strings
  - Datetime Format String Examples
- Numeric Format Strings
  - Numeric Format String Examples
Appendix B: Data Archive Connectivity
- Data Archive Connectivity Overview
- Native Connectivity
- DataDirect Connect JDBC Connectivity
- PowerExchange Connectivity
- Third-Party JDBC Connectivity

Administrator Guide

6.5 HotFix 1
- 6.5.1
- 6.5
- 6.4.4
- 6.4.3 HotFix 1
- 6.4.3

Back Next

LDAP User Authentication Properties

LDAP authenticates users in an LDAP server. Use LDAP authentication to enable a single sign-on feature across multiple applications. You must configure properties for Data Archive to use LDAP user authentication.

The

conf.properties

file includes the following LDAP properties:

authenticationMethod: Determines the type of user authentication.

If commented, default is native user authentication. You maintain users in Data Archive.

If uncommented, default is
LDAP
. You maintain users in the LDAP directory service and synchronize users to Data Archive.
ldap.attribute.email: Configures the LDAP email address, AM_USERS.EMAIL_ADDRESS.

Default is
mail
for Active Directory and Sun LDAP.
ldap.attribute.fullName: Configures the ILM full user name, AM_USERS.FULL_NAME.

Default is
displayName
for Active Directory.

Default is
uid
for Sun LDAP.
ldap.attribute.groupclassname: Name of the LDAP directory service object class that you use to group members or security groups.

Default is
group
for Active Directory.

Default is
groupOfUniqueNames
for Sun LDAP.
ldap.attribute.ismemberof: Name of the LDAP directory service attribute that indicates a user is a member of a group.

Default is
memberOf
for Active Directory.

Default is
isMemberOf
for Sun LDAP.
ldap.attribute.member: Configures the LDAP member name.

Default is
member
for Active Directory.

Default is
uniqueMember
for Sun LDAP.
ldap.attribute.organizationName: Configures the LDAP organization name, AM_USERS.ORGANIZATION_NAME. Optional.

No default value. If you do not set this property, the organization name of the user is set to
LDAP User
.
ldap.attribute.userName: Configures the ILM user name, AM_USERS.USER_NAME.

Default is
sAMAccountName
for Active Directory.

Default is
uid
for Sun LDAP.
ldap.pageSize: Restricts the number of entries returned in a single page.
0. Paging is disabled.
Greater than 0. Paging is enabled. Value indicates the number of entries to return in a single page.
ldap.syncRoles: Determines the location where you maintain role assignments for users.

If commented, you maintain role assignments in the users account in Data Archive.

If uncommented, enables role assignment synchronization from the LDAP directory service to user accounts in Data Archive. You maintain role assignments for users in the LDAP directory service. When users log in to Data Archive, Data Archive synchronizes the role assignments from the LDAP directory service and updates the role assignments in the user account in Data Archive.

If you uncomment the property, enter one of the following values:
False. Disables role assignment synchronization.
True. Enables role assignment synchronization.

Default is false.
ldap.useSSL: Determines if you access the LDAP directory service through SSL.

Use one of the following values:

False. Disables SSL authentication.
True. Enables SSL authentication.

Default is false.
ldap.roleNamePrefix: Adds a user-defined custom prefix to the Data Archive-specific LDAP role names. If enabled, only roles with the prefix are considered for LDAP role synchronization and role search.
For example, to add the prefix "GLOBAL_US_ILM-" to the LDAP role name, configure the property as follows:
ldap.roleNamePrefix=GLOBAL_US_ILM-

When you create a custom prefix for LDAP roles, you must create Data Archive-specific LDAP roles using the prefix. For example, "GLOBAL_US_ILM-Administrator" for the Administrator role or "GLOBAL_US_ILM-Legal_Hold_User" for the Legal Hold User role. Data Archive removes the prefix when it compares LDAP roles to Data Archive roles. For example, the LDAP user "GLOBAL_US_ILM-Legal_Hold_User" is assigned the Legal Hold User role in Data Archive.

You can specify multiple custom prefixes. Separate each prefix by a comma.

For example:
ldap.roleNamePrefix=GLOBAL_US_ILM-,GLOBAL_US_DSG-
ldap.useRoleNamePrefixForNestedGroups: Determines if nested group searches consider only groups that begin with the role name prefix.
Use one of the following values:
True. Nested group searches consider only groups that begin with the role name prefix.
False. Nested group searches consider all role names.

Default is true.
ldap.skipReferrals: Restricts LDAP searches of roles assigned to a user to the user's domain component.
Use one of the following values:
True. Restricts LDAP searches of roles assigned to a user to the user's domain component.
False. Disables the restriction.

Default is false.
ldap.ignoreRefErrors: If set to true, Data Archive ignores referral errors in LDAP role searches.
Use one of the following values:
True.
False.

Default is true.

Rename Saved Search

Table of Contents

Administrator Guide

Administrator Guide

LDAP User Authentication Properties

LDAP User Authentication Properties