LDAP Planning Guidance
ColleenMcCretton
When you plan to use application server security to authenticate TPAE/Maximo users against an external directory, you also have the option to synchronize users and/or groups and group memberships. There are a few decisions you need to make before you begin.
Who will be synchronized?
You can use a standard LDAP filter to synchronize a subset of users into the system. These users can be in a pre-defined OU, role or group or can simply meet a standard query. Synchronizing a subset of users will improve the performance of the sync and also improve your license compliance. If you have a registered user license, any user in the system must be licensed if they are in an ‘Active’ status.
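As an added illustration (not from the original post or the product), the Python sketch below builds a subset filter of the kind described above and previews which directory entries it would select before they become active, licensable users. The group DN, attribute values and sample entries are constructed assumptions, and matching is simplified to case-insensitive equality.

```python
# Added example: preview which directory entries a sync filter would select.
# The group DN, attribute values and entries are constructed assumptions;
# matching is simplified equality, not a full LDAP matching-rule engine.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape(value):
    """Escape an assertion value (RFC 4515) so it cannot change the filter's structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def render(node):
    """Render a nested filter tuple as an LDAP filter string."""
    op = node[0]
    if op in ("&", "|"):
        return "(" + op + "".join(render(n) for n in node[1:]) + ")"
    if op == "!":
        return "(!" + render(node[1]) + ")"
    return "(" + node[1] + "=" + escape(node[2]) + ")"  # ("=", attr, value)

def matches(node, entry):
    """Evaluate the same filter tuple against one entry (dict of lowercase attr -> values)."""
    op = node[0]
    if op == "&":
        return all(matches(n, entry) for n in node[1:])
    if op == "|":
        return any(matches(n, entry) for n in node[1:])
    if op == "!":
        return not matches(node[1], entry)
    values = entry.get(node[1].lower(), [])
    return any(v.lower() == node[2].lower() for v in values)

GROUP_DN = "CN=Maximo Users (Prod),OU=Groups,DC=example,DC=com"  # constructed
# In Active Directory, computer objects also carry objectClass=user, so exclude them.
SYNC_FILTER = ("&",
               ("=", "objectClass", "user"),
               ("!", ("=", "objectClass", "computer")),
               ("=", "memberOf", GROUP_DN))
ENTRIES = [  # constructed sample directory entries
    {"cn": ["alice"], "objectclass": ["top", "person", "user"], "memberof": [GROUP_DN]},
    {"cn": ["bob"], "objectclass": ["top", "person", "user"], "memberof": []},
    {"cn": ["KIOSK01$"], "objectclass": ["top", "person", "user", "computer"], "memberof": [GROUP_DN]},
]

def preview(filter_node, entries):
    """Return the cn of every entry the filter would synchronize."""
    return [e["cn"][0] for e in entries if matches(filter_node, e)]

if __name__ == "__main__":
    print(render(SYNC_FILTER))
    print(preview(SYNC_FILTER, ENTRIES))
```

The parentheses in the group name are escaped in the rendered filter; left unescaped they would close the `memberOf` clause early and change which users are selected.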
What if we need to sync users from multiple places?
If you have users in different entities in the same directory you can use multiple instances of the sync process to ‘grab’ different OUs, for example. This can be used with either sync process.
Which sync process will we use?
The system comes with two different processes that can be used to synchronize users.
What if I use a directory other than Microsoft Active Directory or IBM Tivoli Directory Server?
These two directories are the only ones that are currently supported. By modifying a class file and the XML mappings in the cron task instance, integration with other directories such as Oracle, Sun and Siemens has been implemented through services and partners at several customer locations. There is no current roadmap for extending product support to additional directory platforms.
For more guidance, see the Security section in the Maximo 7.5 information center (htt