LDAP and Central User Management

MOHAMAD_KAGNUR · April 1, 2019, 11:17am

Hi All,

Our system MWS is been configured with two services directories (system & LDAP). And our IS server is configured with Central user configured, now my question is can i use AD users credentials to login to Integration server. Its seem bit critical as we have two directories and IS is configured with central user cofigured. The system users created at MWS and provided ACLs at IS can able to login to Integration server. But i want to user LDAP user added at MWS to login into IS using same credetials. Please advise me here. How to achive this.

Regards
Shafi

system · April 2, 2019, 7:34am

You have to add Ldap Group/Role to IS>Security > Access Control Lists

Gerardo_Lisboa · April 2, 2019, 3:41pm

Hi,

As Shahbaz Khan said, you should create a LDAP query role (where its query will return all the users you want in AD).

You will then be able to map that role in an IS’s ACL.

Best regards,

MOHAMAD_KAGNUR · April 3, 2019, 8:12am

Hi Shahbaz & Gerardo,

Thanks for reply. I have tried to add the ACLs to the assigned groups of system directory.It works fine. But, as we have two directories one for LDAP and other system, and more over LDAP AD does not have any groups created. In this case how to have access to IS using same LDAP users.

Shall i ask LDAP team to create group and assign the user ? Use the same goups at MWS and IS (ACLs)

Thanks
Shafi

system · April 3, 2019, 8:53am

Hi Shafi,

Use the same LDAP group to add in MWS and IS (ACLs)

Few more points:

Users from an LDAP / external directory system cannot be added directly into a group defined i.e. created in MWS.
MWS doesn’t allow adding LDAP users to a System Group, because that operation actually requires modifying the group membership details of a user.
These details are stored in LDAP, and MWS not be able to modify these membership details.
MWS’s internal system directory service is designed in a similar fashion.

Please use below steps to add Ldap user.
1.
If you need to have the Ldap users in question belong to a group, that group must be defined in LDAP itself.
Then add that group into a role which is defined on MWS.

2

Create new Role or update existing one
Go to related Roles Members option / Edit Members
Select Group/user and search in AD directory services for group/user of LDAP directory servers
Add it - Apply

For adding Ldap Group/Role to IS, use Security > Access Control Lists in IS GUI.

Regards
Shahbaz

MOHAMAD_KAGNUR · April 12, 2019, 8:17am

Hi Shahbaz,

Thanks for details. As i said earlier in chain that i can able to link IS and MWS using system AD. And let me ask LDAP team to add groups and share the details. So we can add these groups to Roles and provide the proper Acls

Thanks
Good day!!