Configuring for LDAP

You can configure an external LDAP server for user authentication.

If you want to authenticate to an LDAP user registry, configure an LDAP V2 or V3 registry.

When you use LDAP or VMM, the LDAP users and groups are always stored in LDAP or VMM and do not need to be created in TADDM. TADDM is used only to assign roles to the LDAP users and groups. Only these user-to-role and group-to-role mappings, known as permissions, need to be created and stored in TADDM. The administrator user ID is a special internal TADDM user that is always processed using file-based security, regardless of which user registry is configured. This user can always be used to initially assign roles to the LDAP users and groups.

To use LDAP or VMM for user authentication, complete the following steps:

  1. Configure TADDM to use the LDAP registry by configuring the appropriate properties in the collation.properties file.
  2. Log in to the Data Management Portal using the TADDM administrator user ID.
  3. Complete one of the following steps:
    • In the Users pane, use the Search Users field to search the LDAP registry for the appropriate user.
    • In the User Groups pane, use the Search Groups field to search the LDAP registry for the appropriate user group.
    Note: The search results list the user or group names returned by the LDAP registry search. The list is not a means to create users or to copy users from LDAP into TADDM. Its purpose is to display what TADDM permissions need to be created for the users.
  4. After the user (or group) is listed, assign the required TADDM roles to them.
    Only these permissions, and not the LDAP users (or groups), are stored in TADDM.

To configure SSL for LDAP, complete the following steps:

  1. In the collation.properties file, locate the following property, and change the value of the property from false to true:
    com.collation.security.auth.ldapUseSSL
  2. Configure the following truststore and keystore properties, as appropriate:
    com.collation.security.auth.ldapClientKeyStore
    com.collation.security.auth.ldapClientKeyStorePassphrase
    com.collation.security.auth.ldapClientTrustStore
    com.collation.security.auth.ldapClientTrustStorePassphrase
  3. If necessary, change the port on which the LDAP server is listening for SSL connections by configuring the following property:
    com.collation.security.auth.ldapPortNumber
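
The following added example (not part of the TADDM documentation or product) checks a collation.properties file for consistency between the SSL properties listed above. The policy it applies is an assumption of this example: it expects a truststore whenever SSL is enabled, a passphrase for every configured store, and a port other than 389, the conventional cleartext LDAP port. The sample file content and its path are constructed.

```python
import re

PREFIX = "com.collation.security.auth."

def parse_properties(text):
    """Parse Java .properties text: key=value, key:value or 'key value';
    lines starting with # or ! are comments. Line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
        else:
            props[line] = ""  # key with no separator and no value
    return props

def audit_ldap_ssl(props):
    """Return a list of findings; an empty list means the settings are consistent."""
    def get(name):
        return props.get(PREFIX + name, "")
    if get("ldapUseSSL").lower() != "true":
        return ["ldapUseSSL is not true: the LDAP connection does not use SSL"]
    findings = []
    # Assumption of this example: SSL without an explicit truststore is flagged.
    if not get("ldapClientTrustStore"):
        findings.append("ldapClientTrustStore is not set")
    for store in ("ldapClientKeyStore", "ldapClientTrustStore"):
        if get(store) and not get(store + "Passphrase"):
            findings.append(store + "Passphrase is empty although " + store + " is set")
    if get("ldapPortNumber") == "389":
        findings.append("ldapPortNumber is 389, the conventional cleartext LDAP port")
    return findings

# Constructed sample input, not a real TADDM configuration.
SAMPLE = """\
# LDAP over SSL
com.collation.security.auth.ldapUseSSL=true
com.collation.security.auth.ldapClientTrustStore=/path/to/truststore.jks
com.collation.security.auth.ldapClientTrustStorePassphrase=
com.collation.security.auth.ldapPortNumber = 389
"""

if __name__ == "__main__":
    for finding in audit_ldap_ssl(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```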