Create an LDAP Container

An LDAP container is a collection of one or more LDAP sources. An LDAP source represents an LDAP server, which holds information about potential resources. LDAP resources include users who might need to use or participate in ActiveMatrix BPM applications.

Prerequisites

The example EasyAs Insurance Company data must be available in an LDAP shared resource. The WelcomeUsers application retrieves user details from this shared resource. There are two options to access this:

  • If the ActiveMatrix BPM runtime installation includes the internal LDAP directory server, then the resources will automatically be available.
  • However, if the installation does not include the internal LDAP directory server, import the data from the supplied server.xml and easyAsInsurance.ldif files to an external LDAP directory server. See the documentation for the LDAP directory server for how to import these files.

The creation of an LDAP container defines the following:

  • A pool of candidate resources for the application.
  • The Username that each user must use when they log on to the application. This must be unique.

Some LDAP abbreviations:

  • DN: Distinguished Name.
  • cn: Common Name.
  • ou: Organizational Unit Name.

The default value for the Base DN field is empty. This makes sure that the search results include the whole of the LDAP resource, and are not restricted to a particular branch.

The default filter for the Query field is: (ObjectClass=person). This makes sure that the search results only include potential users.

The Query and Resource Name Attribute(s) fields can use LDAP attributes.

The easyAs LDAP source includes a user, Clint Hill. The information about Clint includes the following:

  • cn: Mr Clint Hill.
  • ou: Clint Hill.

The default value for Resource Name Attribute(s) is cn.

With the value of cn, Clint would have to log on as Mr Clint Hill. However, if Resource Name Attribute(s) is set to ou, Clint can log on as Clint Hill.

The available LDAP attributes vary from LDAP source to LDAP source.

An LDAP resource does not appear in the LDAP container if a system administrator has already created it as an ActiveMatrix BPM resource and mapped the user to a position or group in an organization model for a particular application. Therefore, there might be fewer resources in the LDAP container than in the LDAP resource. See: Map a User to the Tester Position in the Organization Model.

Procedure

  1. Click LDAP Container.
    The LDAP containers window opens, with the message: *** No LDAP Containers defined ***.
  2. Click Add a new LDAP container.

    The Add a new LDAP Container window opens.

  3. Enter XYZ Corporate Users in the Name and Description fields, leave Organizations empty, and click Add Query Source.

    The Add new LDAP Source window opens.

  4. From the Alias list, select easyAs.
    This identifies an LDAP source that can provide suitable resources.
    The window shows the Connection URL.
  5. With the default value of cn for Resource Name Attribute(s), click one of the numbers to the right of Show sample of LDAP Entities.
    The number only defines the maximum number of search results in the sample, and not the number of resources in the LDAP container.

    The window shows the search results from the LDAP source.

    The search results include the LDAP attributes that are available from the LDAP source, and the respective values for each resource.

    If necessary, scroll down to see the results.

    Use the search results to determine the most applicable LDAP attribute to use for the easyAs LDAP source.

  6. Enter ou in the Resource Name Attribute(s) field.
    The window clears the previous search results.
  7. Click one of the numbers to the right of Show sample of LDAP Entities.
    The window shows the new search results from the LDAP source.
  8. Click Save to save the LDAP source definition.
    Save is only available after a search.
    The Add a new LDAP Container window shows the LDAP source, and the search query for the XYZ Corporate Users LDAP container.
  9. Click Save to save the LDAP container definition.

    The LDAP containers window shows the XYZ Corporate Users LDAP container.

  10. Select the XYZ Corporate Users LDAP container, and click Show Resources.

    The Resources window opens with the list of resources available from the XYZ Corporate Users LDAP container.

    The list includes the values from the LDAP attribute defined by the Resource Name Attribute(s) field.

    For this tutorial, this is the ou attribute.

What to do next

Check that the values for each of the users in the Resources list are applicable for them to use as a Username when they log on, and are unique to each user.

Individual values can be changed during the procedure Map a User to the Tester Position in the Organization Model. However, a system administrator would not want to edit the information for many users.
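The check described under What to do next can also be run against an LDIF export of the directory before choosing the Resource Name Attribute(s) value. The Python below is an added example, not part of ActiveMatrix BPM or its documentation: it applies the default (ObjectClass=person) filter and reports Username values that collide or are missing for a chosen attribute. Assumptions: the DNs and every user except Clint Hill are constructed, base64-encoded (::) values are not decoded, and values that differ only by case are treated as the same Username.

```python
from collections import defaultdict

# Constructed sample: only Clint Hill's cn and ou values come from the tutorial.
SAMPLE_LDIF = """\
dn: cn=Mr Clint Hill,ou=people,o=example
objectClass: person
cn: Mr Clint Hill
ou: Clint Hill

dn: cn=Ms Jane Doe,ou=people,o=example
objectClass: person
cn: Ms Jane Doe
ou: Jane Doe

dn: cn=Dr Jane Doe,ou=people,o=example
objectClass: person
cn: Dr Jane Doe
ou: jane doe

dn: cn=Mr Sam Poe,ou=people,o=example
objectClass: person
cn: Mr Sam Poe

dn: ou=people,o=example
objectClass: organizationalUnit
ou: people
"""

def parse_ldif(text):
    """Yield each entry as {lowercased attribute name: [values]}."""
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def audit_usernames(text, attr):
    """Return (duplicates, missing) for person entries using attr as Username."""
    seen, missing = defaultdict(list), []
    for e in parse_ldif(text):
        if "person" not in (oc.lower() for oc in e["objectclass"]):
            continue  # mirrors the default (ObjectClass=person) filter
        if not e[attr.lower()]:
            missing.append(e["dn"][0])
        for v in e[attr.lower()]:
            seen[v.casefold()].append(e["dn"][0])
    return {k: d for k, d in seen.items() if len(d) > 1}, missing
```

With the constructed data, cn yields a unique value for every person, while ou yields one collision and one user with no value at all, which is the kind of result to resolve before saving the LDAP source.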