LDAP Containers

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying directory services. An LDAP container is a collection of one or more LDAP sources. An LDAP source represents an LDAP server, which holds information about candidate resources (users) who may need to use or participate in TIBCO applications.

You must create at least one LDAP container from which resources can be selected and mapped to groups or positions in the organization model. You can create additional LDAP containers, if desired — additional containers may contain different LDAP sources, or they may query the same LDAP sources in a different way, resulting in a different set of resources to choose from.

Note: The recommended best practice is to create LDAP containers that show only a constrained view of the corporate LDAP directory. Ideally, that view includes only those resources that have a business role in common, that belong to a particular department, that work on a particular project, and so on.

Every LDAP container must include one primary LDAP source. It can also include one or more secondary LDAP sources, as follows:

  • Primary LDAP Source - The primary LDAP source identifies the candidate resources that are available to map to groups and positions in the organization models.
  • Secondary LDAP Source(s) - If there are secondary LDAP sources defined, they are used to find additional information about each candidate resource.

For more information, see Primary and Secondary Sources.

When you are specifying primary and secondary sources for an LDAP container, you can use either an LDAP query source or an LDAP group source to identify the candidate resources in the LDAP directory, as follows:

  • Using an LDAP Query Source - An LDAP query is used to identify the directory entries that will be candidate resources. For more information, see LDAP Query Sources.
  • Using an LDAP Group Source - A group DN (distinguished name) is used to identify the LDAP directory entry that is the group. When a group DN is specified, a member attribute is also specified. This attribute holds the collection of member identifiers, that is, their DNs, which provides the list of candidate resources. For more information, see LDAP Group Sources.
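
The following added example (not TIBCO code) models the two source types over a small in-memory directory, showing how an unscoped query exposes more candidates than a constrained one and how a group source resolves member DNs. All DNs, attribute values and function names are constructed for illustration.

```python
# Added illustration: in-memory model of the two LDAP source types.
# All DNs, attributes and function names are constructed for this example.
PEOPLE = "ou=people,dc=example,dc=com"
ALICE = "uid=alice,ou=claims," + PEOPLE
BOB = "uid=bob,ou=claims," + PEOPLE
CAROL = "uid=carol,ou=finance," + PEOPLE
DAVE = "uid=dave,ou=claims," + PEOPLE  # still listed in the group, entry deleted
SVC = "uid=svc-backup,ou=services,dc=example,dc=com"  # service account
GROUP = "cn=claims-handlers,ou=groups,dc=example,dc=com"

person = {"objectClass": ["inetOrgPerson"]}
DIRECTORY = {
    ALICE: person, BOB: person, CAROL: person, SVC: person,
    GROUP: {"objectClass": ["groupOfNames"], "member": [ALICE, CAROL, DAVE]},
}

def query_source(base_dn, required):
    """Query source: entries below base_dn matching every attr=value pair
    (the equivalent of an AND of equality filters)."""
    suffix = "," + base_dn.lower()
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if dn.lower().endswith(suffix)
        and all(value in attrs.get(attr, []) for attr, value in required.items())
    )

def group_source(group_dn, member_attr):
    """Group source: read the member attribute of the group entry; each value
    is the DN of a candidate. Members with no matching entry are reported
    separately instead of being offered as candidates."""
    group = DIRECTORY.get(group_dn)
    if group is None:
        raise LookupError(f"group entry not found: {group_dn}")
    members = group.get(member_attr, [])
    resolved = sorted(dn for dn in members if dn in DIRECTORY)
    dangling = sorted(dn for dn in members if dn not in DIRECTORY)
    return resolved, dangling

if __name__ == "__main__":
    is_person = {"objectClass": "inetOrgPerson"}
    print("whole directory:", query_source("dc=example,dc=com", is_person))
    print("claims only:    ", query_source("ou=claims," + PEOPLE, is_person))
    print("group source:   ", group_source(GROUP, "member"))
```

The unscoped query also returns the service account, which is the kind of entry a constrained container view keeps out of the candidate list.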