Enabling LDAP authentication
You can use Lightweight Directory Access Protocol (LDAP) or Secure LDAP (LDAPS) with IBM® App Connect Enterprise for two purposes: administration security and message flow security. Administration security controls users' permissions to access integration nodes, integration servers, and their resources, and to complete administrative tasks. Message flow security controls access to individual messages in a message flow, by using the identity of the messages.
This topic describes part of the process for using LDAP for administration security. Web user accounts can be authenticated against an LDAP or LDAPS server. You can authenticate web users by using the REST API, the web user interface, the IBM App Connect Enterprise Toolkit, or custom integration applications that use the Integration API.
Before you begin
- IBM Tivoli® Directory Server
- Microsoft Active Directory
- OpenLDAP
About this task
You can enable LDAP authentication for an integration node, as described in Enabling an integration node and its node-managed integration servers to use LDAP for administration authentication. You can also enable LDAP authentication for an integration server, as described in Enabling an independent integration server to use LDAP for administration authentication.
When LDAP authentication is enabled, all web user logins must be authenticated by using LDAP. If a web user account also has a local password, that local password is ignored.
Enabling an integration node and its node-managed integration servers to use LDAP for administration authentication
About this task
Procedure
Enabling an independent integration server to use LDAP for administration authentication
Procedure
What to do next
You might want to authorize users for administration. For more information, see Authorizing users for administration.