LDAP (Lightweight Directory Access Protocol) authentication support

The Lightweight Directory Access Protocol (LDAP) is an open industry standard that evolved to share information between distributed applications on the same network, to organize that information in a clear and consistent manner, and to prevent unauthorized modification or disclosure of private information. In recent years, LDAP has gained wide acceptance as the directory access method of the Internet and has become strategic within corporate intranets.

You can use LDAP to manage basic login authentication directly on the server, so you no longer need to use the user security exit.

Requirements

The Content Manager OnDemand library server supports all LDAP servers that support the LDAP V3 Specification.

How Content Manager OnDemand works with LDAP

The following diagram illustrates how Content Manager OnDemand works with LDAP:
Figure 1: How OnDemand works with LDAP

When a Content Manager OnDemand client makes a login request to a Content Manager OnDemand server on which LDAP authentication is enabled, the Content Manager OnDemand server makes an authentication request to the LDAP server, using either an anonymous or a credentialed bind.

This initial call accesses the LDAP server, searches for the user's entry, and finds the user's distinguished name (DN). If the user's DN is found, the Content Manager OnDemand server makes a second call to the LDAP server, binding with that DN, to confirm that the password that the user supplied is correct. If the password is correct, the LDAP server returns the mapped attribute, which is usually the Content Manager OnDemand user ID. The Content Manager OnDemand server takes that attribute value and proceeds with its login.
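The two-step flow described above (search for the user's DN with a service or anonymous bind, then bind as that DN to check the password, then read the mapped attribute) is shown below as an added example. It is illustration code written for this page, not Content Manager OnDemand code, and it does not talk to a real LDAP server: the in-memory directory, the entry names, the attribute names `uid` and `ondemanduser`, and the service account are all constructed sample data. It also handles the two failure modes a practitioner checks for in this design: the login name is escaped before it is placed in the search filter (RFC 4515), and an empty password is rejected up front, because an LDAP bind with a DN and an empty password is treated by servers as an unauthenticated (anonymous) bind and would otherwise "succeed".

```python
"""Two-step LDAP login: search for the DN, bind as the DN, read the mapped attribute.

Added illustration, not Content Manager OnDemand code. All directory data below
is constructed sample data; a real deployment queries an LDAP server over the network.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter (RFC 4515).

    The login name typed by the user ends up inside the filter string, so the
    characters that carry meaning in a filter are encoded as \\xx hex escapes.
    """
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch for ch in value)


def _filter_value_to_regex(value: str) -> str:
    """Interpret an RFC 4515 assertion value: unescaped '*' is a wildcard,
    '\\xx' decodes to a literal character. Used only by the mock directory."""
    out = []
    for tok in re.findall(r'\\[0-9a-fA-F]{2}|\*|[^\\*]', value):
        if tok == '*':
            out.append('.*')
        elif tok.startswith('\\'):
            out.append(re.escape(chr(int(tok[1:], 16))))
        else:
            out.append(re.escape(tok))
    return ''.join(out)


@dataclass
class Entry:
    dn: str
    password: str
    attributes: Dict[str, str] = field(default_factory=dict)  # lowercase attribute names


class InMemoryDirectory:
    """Stand-in for an LDAP server: supports bind and a single equality filter."""

    def __init__(self, entries: List[Entry]):
        self._by_dn = {e.dn: e for e in entries}

    def bind(self, dn: Optional[str], password: Optional[str]) -> bool:
        # No DN, or a DN with an empty password, is an anonymous/unauthenticated
        # bind (RFC 4513): it "succeeds" without proving anything about the user.
        if dn is None or not password:
            return True
        entry = self._by_dn.get(dn)
        return entry is not None and entry.password == password

    def search(self, base_dn: str, filter_str: str) -> List[Entry]:
        m = re.fullmatch(r'\((\w+)=(.*)\)', filter_str)
        if not m:
            raise ValueError('unsupported filter: ' + filter_str)
        attr, pattern = m.group(1).lower(), _filter_value_to_regex(m.group(2))
        return [e for e in self._by_dn.values()
                if e.dn.lower().endswith(base_dn.lower())
                and re.fullmatch(pattern, e.attributes.get(attr, '')) is not None]


@dataclass
class LdapSettings:
    base_dn: str
    bind_attribute: str                 # attribute the login name is searched in
    mapped_attribute: str               # attribute whose value becomes the OnDemand user ID
    service_dn: Optional[str] = None    # None => anonymous bind for the search step
    service_password: Optional[str] = None


def authenticate(directory: InMemoryDirectory, settings: LdapSettings,
                 login_name: str, password: str) -> Optional[str]:
    """Return the mapped user ID on success, or None on any failure."""
    if not password:
        return None  # would otherwise become an unauthenticated bind in step 2
    # Step 1: bind as the service account (or anonymously) and locate the user's DN.
    if not directory.bind(settings.service_dn, settings.service_password):
        return None
    filt = '(%s=%s)' % (settings.bind_attribute, escape_filter_value(login_name))
    matches = directory.search(settings.base_dn, filt)
    if len(matches) != 1:
        return None  # unknown or ambiguous login name
    entry = matches[0]
    # Step 2: bind as the user's own DN to verify the supplied password.
    if not directory.bind(entry.dn, password):
        return None
    # Step 3: the mapped attribute is the user ID the application logs in with.
    return entry.attributes.get(settings.mapped_attribute.lower())


# Constructed sample directory and settings (not from any real deployment).
SAMPLE_DIRECTORY = InMemoryDirectory([
    Entry('cn=svc-ondemand,ou=services,dc=example,dc=com', 's3rvice-pw', {'cn': 'svc-ondemand'}),
    Entry('uid=jdoe,ou=people,dc=example,dc=com', 'correct horse', {'uid': 'jdoe', 'ondemanduser': 'JDOE'}),
    Entry('uid=asmith,ou=people,dc=example,dc=com', 'battery staple', {'uid': 'asmith', 'ondemanduser': 'ASMITH'}),
    Entry('uid=nomap,ou=people,dc=example,dc=com', 'pw', {'uid': 'nomap'}),  # no mapped attribute
])
SETTINGS = LdapSettings(base_dn='ou=people,dc=example,dc=com', bind_attribute='uid',
                        mapped_attribute='ondemanduser',
                        service_dn='cn=svc-ondemand,ou=services,dc=example,dc=com',
                        service_password='s3rvice-pw')

if __name__ == '__main__':
    print(authenticate(SAMPLE_DIRECTORY, SETTINGS, 'jdoe', 'correct horse'))  # JDOE
    print(authenticate(SAMPLE_DIRECTORY, SETTINGS, 'jdoe', ''))               # None
```

The entry `nomap` shows why the mapped attribute matters: the password check passes, but without a value to hand to the application the login still fails, which is the behaviour you want when a directory account has not been provisioned for OnDemand.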

Enabling LDAP authentication

To enable LDAP authentication, in the Content Manager OnDemand Administrator client, right-click your Content Manager OnDemand server, and select System Parameters. In the System Parameters window, under LDAP Authentication, select the Enable check box. Under Login Processing, select the Password Case Sensitive check box.

To disable LDAP authentication, clear the Enable check box.

You must also add the LDAP server information and the LDAP attributes that are used for authentication to the ARS.CFG file for the instance. After you enable LDAP support, you must stop and restart the Content Manager OnDemand server for the changes to take effect.