
Installing the LDAP Plug-in for ILM Products

(Version 5.3.2 HotFix 2 to 5.3.4)

2010-2011 Informatica Corporation

Abstract
This article explains how to install a plug-in that authenticates LDAP users for the ILM products.

Supported Versions

ILM Products 5.3.2 HotFix 2 - 5.3.4

Table of Contents
Overview
LDAP Authentication Setup
Usage
Upgrade from Previous ILM Versions
Current Limitations

Overview
These instructions are for customers who want to authenticate users outside of the ILM application. No corporate
passwords are stored in the ILM databases. Currently the following LDAP products are supported:

Sun LDAP

Active Directory

LDAP Authentication Setup


1. Shut down the ILM product.

2. Modify the conf.properties file as follows:

authenticationMethod=LDAP

The following properties are used by the "Sync with LDAP Server" service and map LDAP attributes to values in
the AM_USERS table:

LDAP attribute name that maps to the ILM user name (AM_USERS.USER_NAME):
ldap.attribute.userName

LDAP attribute name that maps to the ILM full user name (AM_USERS.FULL_NAME):
ldap.attribute.fullName

LDAP attribute name that maps to the email address (AM_USERS.EMAIL_ADDRESS):
ldap.attribute.email

LDAP attribute name that maps to the organization name (AM_USERS.ORGANIZATION_NAME):
ldap.attribute.organizationName

If these properties are not set in conf.properties they default to the following values:

Property Name                     Sun LDAP    Active Directory
ldap.attribute.userName           uid         sAMAccountName
ldap.attribute.fullName           uid         displayName
ldap.attribute.email              mail        mail
ldap.attribute.organizationName   If this property is not set then the user's Organization Name will be set to "LDAP User".

3. Start the ILM application.

Note: Once LDAP authentication has been enabled and the ILM application restarted, the only local user available will
be AMADMIN.
Once the installation steps above have been completed you can verify that the installation was successful by
completing the following steps:
1. After logging in as AMADMIN, go to the Jobs > Schedule a Job menu.

2. Select the Standalone Programs option. Then, click the Add Item button. From the pop-up box, scroll down and
choose the Sync with LDAP Server program.

3. Once it is selected, at the bottom of the definition click the button next to the LDAP System label. If
everything was installed correctly, the screen below should be displayed.

Usage
Once verification of the installation has been successful, the AMADMIN user needs to submit the Sync with LDAP
server standalone program which will synchronize the ILM users with LDAP. The Sync with LDAP Server program
parameters (required parameters are in bold) are as follows:

Host of LDAP server: ldap.mycompany.com
This entry is the IP address or the DNS name of the machine that runs your LDAP application.

LDAP port: 389
This entry is the port on the machine that contains your LDAP application.

User: corpid@domain.com
The user is any user that has authorization to log in to the LDAP application and perform basic filtering.

Password
The password for the user in step 3.

Search Base: OU=MYTEAM,OU=USA,DC=mycompany,DC=com
The search base is where the LDAP definition will start before executing the filter.

User Filter: (objecttype=EMPLOYEE)
The user filter is a simple or even complex combination of conditions that help determine which users are
selected.

Note: This version of the definition does not support following paths. Only users in the Search Base will be
filtered.

Group Base: OU=GROUPS,DC=mycompany,DC=com
Optionally, this entry sets the base entry in the LDAP tree where you can select which group(s) you want to use
that will further filter out users from the User Filter.

Group Filter: CN=MYGROUP
Optionally, this entry determines which groups are selected. After the User Filter has returned the result set back
to the application, those users will then be compared to users only in the group(s) selected. From here, only true
matches are then added into ILM.

LDAP System: LOV
Allows the user to select which LDAP application they have implemented.

Once the job is scheduled it will immediately execute based upon the values provided for the attributes above. The
definition operates in the following order:
1. Log in to the LDAP application and execute the filter based upon values placed in User Base and User Filter.

2. If the Group Base and Group Filter attributes are defined, the definition will get any group(s) requested and filter
out all users returned from the User Filter. If not, skip this step.

3. Once all the users from the LDAP application have been determined, the job creates entries for new users or
updates entries for existing users. Users are given a very basic role (Platform - Users) allowing them to log in but no
other rights. The administrator will have to set up the newly added LDAP users with application-specific roles.

4. Entries are also added to a new table (AM_USER_LDAP). These entries allow users from many different OUs
(Organizational Units) to be added into the application. When a user logs in, their correct LDAP context is
retrieved and used in the authentication process with the LDAP application.

5. Closes connection and finishes.
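
The following Python sketch is an added example, not Informatica code. It resolves the ldap.attribute.* mapping from conf.properties using the defaults tabulated under LDAP Authentication Setup and previews the AM_USERS values that directory entries would map to, so the accounts can be reviewed before the sync job is submitted. The sample entries, the function names, and the handling of entries that lack a mapped attribute are assumptions of this example.

```python
# Added example, not Informatica code. Defaults come from the table on this page.
DEFAULTS = {
    "Sun LDAP": {"userName": "uid", "fullName": "uid", "email": "mail"},
    "Active Directory": {"userName": "sAMAccountName",
                         "fullName": "displayName", "email": "mail"},
}
DEFAULT_ORG = "LDAP User"        # used when ldap.attribute.organizationName is unset
BASIC_ROLE = "Platform - Users"  # role the page says synced users receive
# Constructed sample input: a conf.properties fragment and two directory entries.
SAMPLE_CONF = "authenticationMethod=LDAP\nldap.attribute.fullName=cn\n"
SAMPLE_ENTRIES = [
    {"dn": "CN=Ann Lee,OU=MYTEAM,OU=USA,DC=mycompany,DC=com",
     "sAMAccountName": "alee", "cn": "Ann Lee", "mail": "alee@mycompany.com"},
    {"dn": "CN=Printer 4,OU=MYTEAM,OU=USA,DC=mycompany,DC=com", "cn": "Printer 4"},
]

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def effective_mapping(props, ldap_system):
    """Overlay ldap.attribute.* settings on the defaults for the LDAP system."""
    mapping = dict(DEFAULTS[ldap_system], organizationName=None)
    return {f: props.get("ldap.attribute." + f) or d for f, d in mapping.items()}

def preview_sync(props, ldap_system, entries, existing_users):
    """List the AM_USERS values each entry would map to, for review before a sync."""
    if props.get("authenticationMethod") != "LDAP":
        raise ValueError("authenticationMethod=LDAP is not set in conf.properties")
    m = effective_mapping(props, ldap_system)
    rows = []
    for e in entries:
        user = e.get(m["userName"])
        if not user:  # sketch assumption: flag entries without a login attribute
            rows.append({"action": "review", "dn": e["dn"]})
            continue
        rows.append({
            "action": "update" if user in existing_users else "create",
            "USER_NAME": user, "FULL_NAME": e.get(m["fullName"]),
            "EMAIL_ADDRESS": e.get(m["email"]), "role": BASIC_ROLE,
            # sketch assumption: fall back to the default when the value is absent
            "ORGANIZATION_NAME": e.get(m["organizationName"]) or DEFAULT_ORG})
    return rows
```

Entries returned with the action "review" matched the filter but carry no login attribute, which usually means the User Filter is broader than intended.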

Upgrade from Previous ILM Versions


Customers upgrading to 5.3.2 HF2 from previous versions of ILM and who are already using LDAP authentication must
follow these steps:
1. Shut down the ILM web server.

2. Back up the ILM Home schema.

3. Modify the conf.properties file. See LDAP Authentication Setup.

4. Start the ILM server.

5. Resubmit the Sync with LDAP Server service.

Current Limitations
Group filtering does not currently work. The Group Base and Group Filter service attributes should be left blank.

Authors
Data Archive for Application Retirement Team
