Creating an LDAP Container

You must create at least one LDAP container from which resources can be selected and mapped to groups/positions in the organization model.

You can create additional LDAP containers, if desired — additional containers may contain different LDAP sources, or they may query the same LDAP sources in a different way, resulting in a different set of resources to choose from.

Note: The recommended best practice is to create LDAP containers that show only a constrained view on the corporate LDAP. That view would ideally include only those resources that have a business role in common, that belong to a particular department, work on a particular project, etc.

The number of LDAP containers has no impact on runtime performance, although it does provide a more responsive feel when performing administrative functions with the Organization Browser.

Creating an LDAP container can consist of the following tasks:

  • Defining the primary LDAP source - Each LDAP container must contain a primary LDAP source — all resources from the primary LDAP source (subject to a filter query) are included in the list of potential resources for use in the BPM application. For more information, see Defining the Primary LDAP Source.
  • Optionally defining one or more secondary LDAP sources - If there are secondary LDAP sources defined, they will be used to find additional information about each potential resource from the primary LDAP source. Lookups are performed into each secondary LDAP source. If an exact match of a potential resource can be found in every secondary LDAP source, the data from all sources is merged together. In other cases, the potential resource may be omitted or labeled invalid. For more information, see Defining One or More Secondary LDAP Sources.
  • Optionally setting up organization relationships - Organization relationships can limit the organizations that resources can see when using the Organization Browser, as well as the positions to which resources can be mapped. For more information, see Container Organization Relationships.
  • Optionally mapping resource attributes - Mapping resource attributes allows processes to access data in LDAP sources at runtime. For more information, see Mapping Resource Attributes.