LDAP/AD Integration to UM

Hi All,

We are trying to integrate UM with LDAP/AD. The activities we anticipate performing are:

  • Create Group as Publishing, Subscribing in the LDAP/Microsoft AD
  • In the Nirvana Enterprise Manager - Security Groups, assign this LDAP group
  • Configure UM so that all Authentication & Authorization happens in LDAP/AD

What would be the expected outcome:
a) User tries to log in to publish a message
b) User gets authenticated against LDAP/AD
c) User's LDAP/AD role is checked against what is assigned to the Security Group
d) Based on whether the user is assigned to this security group or not, the user should be able to perform, or be prevented from performing, the subsequent tasks.

Would appreciate your answers to this; let me know if you have any queries.

Thanks,

Srini

Srini,
LDAP with UM can only be used for authentication of users, i.e. checking their password. You cannot use LDAP group membership to drive authorization within UM.
You could achieve this, however, by writing some code that creates UM groups that match the LDAP groups and sets the relevant users to be members of those groups. This can be done using the public UM admin API.
You would then schedule this program to run on a regular basis, e.g. daily, depending on the anticipated frequency of group membership updates in LDAP.
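
The scheduled sync described in the answer above could compute its changes as follows. This is an added example, not part of the original thread and not UM's own code: the group data is constructed, the action names are hypothetical stand-ins for whatever UM admin API calls you use, and the removal threshold is an assumed safety policy.

```python
# Added example: plan a one-way LDAP -> UM group sync. All data is constructed.
# Action names are hypothetical; map each to the UM admin API call you use.

LDAP_GROUPS = {"Publishing": ["Alice", "bob", "carol"], "Subscribing": ["carol"]}
UM_GROUPS = {"Publishing": ["alice", "carol", "dave"]}
MANAGED = {"Publishing", "Subscribing", "Admins"}  # only these are ever touched


def normalise(members):
    # Directory names compare case-insensitively; trim and lower-case them.
    return {m.strip().lower() for m in members if m.strip()}


def plan_sync(ldap_groups, um_groups, managed, max_removal_ratio=0.5):
    """Return ordered (action, group, detail) tuples; nothing is applied here."""
    plan = []
    for group in sorted(managed):
        if group not in ldap_groups:
            # A failed or partial LDAP query must not be read as "no members".
            plan.append(("skip", group, "not returned by LDAP"))
            continue
        want = normalise(ldap_groups[group])
        have = normalise(um_groups.get(group, ()))
        removals = sorted(have - want)
        if have and len(removals) / len(have) > max_removal_ratio:
            # Mass removal usually means a broken filter; hold for review.
            plan.append(("skip", group, "removal threshold exceeded"))
            continue
        if group not in um_groups:
            plan.append(("create_group", group, None))
        plan += [("add_member", group, u) for u in sorted(want - have)]
        plan += [("remove_member", group, u) for u in removals]
    return plan


if __name__ == "__main__":
    for step in plan_sync(LDAP_GROUPS, UM_GROUPS, MANAGED):
        print(step)
```

A user removed from an LDAP group keeps the UM group's permissions until the next run, so the schedule interval sets how long revoked access can linger.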

Thanks, Jonathan, for your quick response, appreciated!!
Your feedback helps me to decide on the next course of action.

Cheers

Srini