Creating an LDAP connection

The administrator can create a connection to a Lightweight Directory Access Protocol (LDAP) server that provides authentication for IBM Spectrum® Discover users.

About this task

Use the Authentication Domains tab on the Access page to create an LDAP or secure LDAP (LDAPS) connection. You can create a connection that includes all users and groups that are authenticated by an LDAP server or only users or groups within a specified LDAP member range.
Note: LDAP roles cannot be mapped from your connection. Because the roles in Data Cataloging and on your LDAP server might differ, an admin user must make the role assignments.

Procedure

  1. From the Authentication Domains tab of the Access page, click Add Domain Connection to open the Add Domain Connection window.
  2. From the Type list, select LDAP or LDAPS.
    Figure 1. Create an LDAP connection
  3. Enter the following information for the LDAP directory:
    Name
    Indicates a name that IBM Spectrum Discover associates with the connection to the directory that provides authentication.
    Port
    Indicates the LDAP server port that provides the connection.
    Username
    Indicates the distinguished name (DN) for the user that is used to access directory name entries. Use the following format:
    cn=relative_distinguished_name,dc=domain_component
    For example:
    cn=Randy Marsh,dc=example,dc=com
    Password
    Indicates the password for the user name.
    Suffix/Base DN
    Indicates the DN that is the base of entry searches in the directory. For example:
    • dc=test
    • dc=org
    Group Name Attribute
    Indicates the LDAP attribute that is mapped to the group name.
    Group ID Attribute
    Indicates the LDAP attribute that is mapped to the group ID.
    Group Member Attribute
    Indicates the LDAP attribute that is mapped to show group membership.
    Group Object Class
    Indicates the LDAP object class for groups.
    Group Tree DN
    Indicates the DN that is the base for group searches.
    Username Attribute
    Indicates the LDAP attribute that is mapped to the user name.
    User ID Attribute
    Indicates the LDAP attribute that is mapped to the user ID.
    User Object Class
    Indicates the LDAP object class for users.
    User Tree DN
    Indicates the DN that is the base for user searches.
  4. Click Connect.
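
The DN-valued fields in step 3 can be sanity-checked before they are typed into the window. The following is an added example, not IBM code: `parse_dn` and `check_connection` are hypothetical helper names, the sample values are constructed, and it assumes the common layout in which Group Tree DN and User Tree DN sit at or below Suffix/Base DN.

```python
import re

def parse_dn(dn):
    """Parse a DN into [(attr, value), ...]; raise ValueError if it looks malformed."""
    # Split on commas that are not backslash-escaped (RFC 4514 style escapes).
    parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    if not parts or ",".join(parts) != dn:
        raise ValueError("empty component or stray backslash")
    rdns = []
    for rdn in parts:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component {rdn.strip()!r}")
        # "cn=Randy Marsh dc=example": a space where a comma should separate components.
        if re.search(r"\s[A-Za-z][\w-]*=", value):
            raise ValueError(f"missing comma inside {rdn.strip()!r}?")
        # Simplification: compare case-insensitively, as cn/ou/dc matching normally does.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_connection(fields):
    """Return a list of problems in the form values; an empty list means none found."""
    problems, parsed = [], {}
    for name in ("Username", "Suffix/Base DN", "Group Tree DN", "User Tree DN"):
        try:
            parsed[name] = parse_dn(fields[name])
        except ValueError as err:
            problems.append(f"{name}: {err}")
    base = parsed.get("Suffix/Base DN")
    for name in ("Group Tree DN", "User Tree DN"):
        dn = parsed.get(name)
        # Assumption: search trees must end with the same components as the base DN.
        if base and dn and dn[-len(base):] != base:
            problems.append(f"{name}: not within Suffix/Base DN")
    return problems

# Constructed sample values, not taken from a real directory.
GOOD = {"Username": "cn=Randy Marsh,dc=example,dc=com",
        "Suffix/Base DN": "dc=example,dc=com",
        "Group Tree DN": "ou=groups,dc=example,dc=com",
        "User Tree DN": "ou=people,dc=example,dc=com"}
BAD = {**GOOD, "Username": "cn=Randy Marsh dc=example", "User Tree DN": "ou=people,dc=test"}
```
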