Synchronizing Users with Roles through an LDAP Server

You can synchronize users in an LDAP server with the associated roles in Operational Reference Stores. Before the synchronization, ensure that the LDAP server has users and roles. You can synchronize users in an LDAP server with roles in multiple Operational Reference Stores.
  1. Add the LDAP server properties in the automation.properties file.
    The following table describes the properties in the automation.properties file that you need to configure. Properties that end in <n> are specified once for each role, with <n> replaced by the index of the role.
    LDAP.Server
      Required. URL to connect to the LDAP server.
    LDAP.Username
      Required. User name to access the LDAP server. If the LDAP server search is not secure, you do not need a user name.
    LDAP.Password
      Required. Password to access the LDAP server. If the LDAP server search is not secure, you do not need a password.
    LDAP.SearchBase
      Required. Specifies the starting point for the search in the LDAP directory tree.
    LDAP.number.of.ldaproles
      Required. Number of roles in the Operational Reference Stores for which you want to synchronize users.
    LDAP.rolename.for.ldap.search<n>
      Required. Name of a role in the LDAP server.
    LDAP.role.attribute_name.for.userlist<n>
      Required. Name of the attribute of the LDAP role that lists its users. Each listed user is associated with a user in an Operational Reference Store.
    LDAP.MDM.ORS.databaseId<n>
      Required. ID of the Operational Reference Store that has a role associated with a user in the LDAP server.
    LDAP.MDM.rolename<n>
      Required. Name of a role in the Operational Reference Store that corresponds to a role in the LDAP server.
    LDAP.attribute_name.for.user.firstname
      Required. LDAP attribute that holds the first name of a user. Use the property if you want to synchronize the first name of a user from the LDAP server with the Operational Reference Store.
    LDAP.attribute_name.for.user.middlename
      Optional. LDAP attribute that holds the middle name of a user. Use the property if you want to synchronize the middle name of a user from the LDAP server with the Operational Reference Store.
    LDAP.attribute_name.for.user.lastname
      Required. LDAP attribute that holds the last name of a user. Use the property if you want to synchronize the last name of a user from the LDAP server with the Operational Reference Store.
    LDAP.attribute_name.for.username
      Required. An attribute of the user in the LDAP server, other than a common name or a user ID, such as the Security Access Manager account name. Use the property to synchronize an attribute other than a common name or a user ID from the LDAP server with the Operational Reference Store.
    LDAP.attribute_name.for.user.email
      Required. LDAP attribute that holds the email address of the user that you want to create.
    LDAP.strip_slashes_from_usernames
      Optional. Specifies whether to remove slashes from user names.
      For example, when a user name such as Boyd\ is part of a search filter expression such as (&(CN=Boyd\), the following error might occur:
        InvalidSearchFilterException: Unbalanced parenthesis
      In a search filter expression, a backslash is treated as an escape character, so a trailing backslash in the user name consumes the closing parenthesis and the filter becomes unbalanced. To make the synchronization process work in such scenarios, you might need to remove slashes from the user names.
      You can configure the following values:
      • no. Retains slashes in the user names.
      • yes. Removes slashes from the user names.
      Default is no.
    LDAP.cleanup.before.sync
      Optional. Specifies whether to remove all the users that are assigned in an Operational Reference Store before synchronizing users with roles.
      You can configure the following values:
      • true. Removes the users that are assigned in an Operational Reference Store, and then assigns the users to roles.
        If you run the synchronization command with the -u option, only that user's assignment is removed. Otherwise, all user assignments are removed.
      • false. Retains the users that are assigned in an Operational Reference Store.
      Default is true.
  2. Run the command to verify the LDAP server connection.
    On Windows: LdapConnection.cmd
    On UNIX: LdapConnection.sh
  3. Ensure that the users and roles exist in the LDAP server and that they have corresponding roles and users in the MDM Hub.
  4. Run one of the following commands to synchronize users from the LDAP server roles to the MDM Hub roles:
    • Synchronize a single user.
      On Windows: LdapUserSynchronization.cmd -u <case sensitive user name>
      On UNIX: LdapUserSynchronization.sh -u <case sensitive user name>
      Optionally, to make the user an administrator, include -admin true in the command.
      The synchronization process assigns the user to roles.
    • Synchronize multiple users.
      On Windows: LdapUserSynchronization.cmd
      On UNIX: LdapUserSynchronization.sh
      The synchronization process assigns the users to roles.
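As an added example (not Informatica's code, and not how the MDM Hub itself builds its queries), the following Python script parses a constructed automation.properties fragment, checks that every indexed role mapping for n = 1..LDAP.number.of.ldaproles is complete before a sync is attempted, and builds the single-user search filter with RFC 4515 escaping, so a name such as Boyd\ produces a balanced filter whether or not LDAP.strip_slashes_from_usernames is set. The property names are those from the table above; the sample values, the objectClass clause and the function names are assumptions.

```python
import re

# Constructed automation.properties fragment (illustrative values, not a real deployment).
SAMPLE_PROPERTIES = """
LDAP.number.of.ldaproles=2
LDAP.rolename.for.ldap.search1=cn=mdm-stewards,ou=groups,dc=example,dc=test
LDAP.role.attribute_name.for.userlist1=member
LDAP.MDM.ORS.databaseId1=localhost-orcl-CMX_ORS
LDAP.MDM.rolename1=DataSteward
LDAP.rolename.for.ldap.search2=cn=mdm-admins,ou=groups,dc=example,dc=test
LDAP.role.attribute_name.for.userlist2=member
LDAP.MDM.ORS.databaseId2=localhost-orcl-CMX_ORS
LDAP.MDM.rolename2=Administrator
LDAP.attribute_name.for.username=sAMAccountName
LDAP.strip_slashes_from_usernames=no
"""

# The four indexed properties that must exist for every n in 1..LDAP.number.of.ldaproles.
ROLE_KEYS = ("LDAP.rolename.for.ldap.search", "LDAP.role.attribute_name.for.userlist",
             "LDAP.MDM.ORS.databaseId", "LDAP.MDM.rolename")

def parse_properties(text):
    """Minimal key=value parser for the Java properties format (comments and blanks skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def role_mappings(props):
    """Return (LDAP role, member attribute, ORS id, MDM role) per index; fail early on gaps."""
    count = int(props["LDAP.number.of.ldaproles"])
    mappings = []
    for n in range(1, count + 1):
        missing = [k + str(n) for k in ROLE_KEYS if k + str(n) not in props]
        if missing:
            raise KeyError(f"role {n}: missing {missing}")
        mappings.append(tuple(props[k + str(n)] for k in ROLE_KEYS))
    return mappings

def escape_filter_value(value):
    """RFC 4515 escaping: backslash, *, (, ) and NUL become \\XX, so Boyd\\ stays balanced."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def user_search_filter(props, username):
    """Filter for -u <user name>: apply LDAP.strip_slashes_from_usernames, then escape."""
    if props.get("LDAP.strip_slashes_from_usernames", "no").lower() == "yes":
        username = username.replace("\\", "")
    attr = props.get("LDAP.attribute_name.for.username", "cn")
    return f"(&({attr}={escape_filter_value(username)})(objectClass=person))"
```

Escaping keeps the directory search exact (the user Boyd\ is looked up as Boyd\, not as Boyd) while still avoiding the unbalanced-parenthesis failure; stripping changes which account is matched.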
