Configuring TIBCO ActiveMatrix BPM to Use a New LDAP Directory Server

All users who access TIBCO ActiveMatrix BPM must exist in the LDAP-compliant corporate directories used by the enterprise. At installation, you configure TIBCO ActiveMatrix BPM to use an LDAP directory on an LDAP directory server. You may subsequently need to change that configuration to use a new directory or a new LDAP directory server. You can also change the tibco-admin user’s password.

For information about the concepts behind resource management in TIBCO ActiveMatrix BPM, see TIBCO ActiveMatrix BPM Concepts.

At installation, you must configure TIBCO ActiveMatrix BPM to use at least one given LDAP directory on an LDAP directory server. (You can use multiple LDAP directories, multiple LDAP directory servers, or both, depending on your requirements.) The authentication and connection information for the LDAP directory you specify during installation is automatically configured in TIBCO ActiveMatrix Administrator. If you want to configure TIBCO ActiveMatrix BPM to use new LDAP directories, you must create new LDAP shared resources in TIBCO ActiveMatrix Administrator. See Configuring a New LDAP Shared Resource for TIBCO ActiveMatrix BPM.

Once you have configured TIBCO ActiveMatrix BPM to use a new LDAP directory in TIBCO ActiveMatrix Administrator, you can access that directory from OpenSpace or Workspace and use it to create new LDAP containers. You can then map resources from this container to positions and groups in the organization model. See the Organization Browser User’s Guide for a full description of creating LDAP containers.

TIBCO ActiveMatrix BPM requires a single user to be configured as the tibco-admin user. The tibco-admin user is used to administer TIBCO ActiveMatrix BPM. This is the only user who is authorized to log in until further users are configured (by using the Organization Browser in OpenSpace or Workspace to create LDAP containers and map resources). The tibco-admin user is simply an alias to a real LDAP user. The underlying LDAP user can be any user and have any name conforming to any naming conventions.

When you install TIBCO ActiveMatrix BPM, if you choose to:

  • install the internal LDAP directory server, the tibco-admin user is created automatically. See Changing the tibco-admin User’s Password.
  • use an existing external LDAP directory server, you must configure the tibco-admin user yourself. During installation, you are asked to specify the full Distinguished Name (DN) and password of an existing LDAP user. This information defines the identity of the real user when logging in as tibco-admin.