Integrate with an LDAP Server
You can integrate PPM with any LDAP v3-compliant server such as Microsoft Windows Active Directory. Integrating with an LDAP server helps minimize the setup and maintenance costs associated with user account management. With an LDAP server, the PPM Server authenticates users directly to the LDAP directory server, and does not store passwords in the PPM database.
Note: This section addresses LDAP directory server integration with PPM. For information on how to import users from LDAP and on LDAP authentication, see the Open Interface Guide and Reference.
In an LDAP environment, the PPM Server authenticates users in the following way:
- The PPM Server binds to the LDAP server using the credentials supplied in the KINTANA_LDAP_ID and KINTANA_LDAP_PASSWORD server configuration parameters. If passwords are not supplied in the server.conf file, the PPM Server performs anonymous authentication.
- The PPM Server tries to obtain the user name by supplying a search filter to the LDAP server in the format uid=user name. The uid attribute can vary from one LDAP server to another, depending on the information supplied in the server.conf file.
- If the PPM Server obtains a name, it tries to rebind to the LDAP server using the name and the password supplied by the user.
- If more than one LDAP server has been specified in the LDAP_URL server.conf parameter, the PPM Server tries to authenticate against all LDAP servers until it succeeds. If the referral option is enabled, and the user is not logged on to the primary server, the PPM Server also checks the referral server for authentication.
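The bind, search, rebind and multi-server steps above, as an added Python sketch that is not PPM code. It also shows two checks that matter in any search-then-bind flow: escaping the user name in the search filter (RFC 4515) and refusing an empty password before the rebind. FakeDirectory, the DNs, the account names and the passwords are constructed stand-ins, not PPM or LDAP library APIs.

```python
import re

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class FakeDirectory:
    """Constructed in-memory stand-in for one LDAP server."""
    def __init__(self, entries):
        self.entries = entries  # {dn: {"uid": ..., "password": ...}}

    def bind(self, dn, password):
        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513, section 5.1.2); this stand-in accepts it, as a server
        # that permits such binds would.
        if password == "":
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, flt):
        attr, value = flt[1:-1].split("=", 1)
        if value == "*":  # presence filter: every entry that has attr
            return [dn for dn, e in self.entries.items() if attr in e]
        literal = re.sub(r"\\([0-9a-f]{2})",
                         lambda m: chr(int(m.group(1), 16)), value)
        return [dn for dn, e in self.entries.items() if e.get(attr) == literal]

def authenticate(servers, bind_dn, bind_pw, username, password, attr="uid"):
    """Return (server name, user DN) on success, else None."""
    if not username or not password:
        return None  # never rebind with an empty password
    flt = "(%s=%s)" % (attr, escape_filter_value(username))
    for name, directory in servers:  # try each configured server in order
        if not directory.bind(bind_dn, bind_pw):
            continue
        hits = directory.search(flt)
        if len(hits) == 1 and directory.bind(hits[0], password):
            return name, hits[0]
    return None

# Constructed sample data: two servers, alice exists only on the second.
SVC = "cn=ppm-svc,dc=example,dc=com"
SERVERS = [
    ("ldap1", FakeDirectory({SVC: {"uid": "ppm-svc", "password": "s3rvice"}})),
    ("ldap2", FakeDirectory({
        SVC: {"uid": "ppm-svc", "password": "s3rvice"},
        "uid=alice,dc=example,dc=com": {"uid": "alice", "password": "correct"},
    })),
]
```

Without the escaping step, a user name of * would become a presence filter that matches whatever single entry a server holds; without the empty-password check, the rebind in the stand-in would report success for any located user.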