Create an LDAP Container
An LDAP container is a collection of one or more LDAP sources. An LDAP source represents an LDAP server, which holds information about potential resources. LDAP resources include users who might need to use or participate in ActiveMatrix BPM applications.
Prerequisites
The example EasyAs Insurance Company data must be available in an LDAP shared resource. The WelcomeUsers application retrieves user details from this shared resource. There are two ways to make this data available:
- If the ActiveMatrix BPM runtime installation includes the internal LDAP directory server, then the resources will automatically be available.
- However, if the installation does not include the internal LDAP directory server, import the data from the supplied server.xml and easyAsInsurance.ldif files to an external LDAP directory server. See the documentation for that LDAP directory server for how to import these files.
The creation of an LDAP container defines the following:
- A pool of candidate resources for the application.
- The Username that each user must use when they log on to the application. This must be unique.
Some LDAP abbreviations:
- DN: Distinguished Name.
- cn: Common Name.
- ou: Organizational Unit Name.
The default value for the Base DN field is empty. This makes sure that the search results include the whole of the LDAP resource, and are not restricted to a particular branch.
The default filter for the Query field is: (ObjectClass=person). This makes sure that the search results only include potential users.
The Query and Resource Name Attribute(s) fields can use LDAP attributes.
The easyAs LDAP source includes a user, Clint Hill. The information about Clint includes the following:
- cn: Mr Clint Hill.
- ou: Clint Hill.
The default value for Resource Name Attribute(s) is cn.
With the value of cn, Clint would have to log on as Mr Clint Hill. However, if Resource Name Attribute(s) is set to ou, Clint can log on as Clint Hill.
The available LDAP attributes vary from LDAP source to LDAP source.
LDAP resources that a system administrator has already created as ActiveMatrix BPM resources, and mapped to a position or group in an organization model for a particular application, do not appear in the LDAP container. See: Map a User to the Tester Position in the Organization Model. Therefore, there might be fewer resources in the LDAP container than in the LDAP resource.
Procedure
What to do next
Check that the value shown for each user in the Resources list is suitable for that user to enter as a Username when they log on, and is unique to that user.
It is possible to change individual values during the procedure: Map a User to the Tester Position in the Organization Model. However, a system administrator would not wish to edit the information for many users.
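One way to run the uniqueness check described above before settling on a Resource Name Attribute(s) value, as an added example that is not part of the original documentation or the product: it parses an LDIF export and reports, for entries matching the default (ObjectClass=person) filter, which entries lack the chosen attribute and which values are shared by more than one entry. The sample entries, the o=example suffix and the function names are constructed for illustration (only Clint Hill's cn and ou values come from the page); treating names that differ only by case as colliding is an assumption, and base64-encoded values are not decoded.

```python
from collections import defaultdict
# Constructed sample; only Clint Hill's cn and ou values come from the page.
SAMPLE_LDIF = """\
dn: ou=people,o=example
objectClass: organizationalUnit
ou: people

dn: cn=Mr Clint Hill,ou=people,o=example
objectClass: person
cn: Mr Clint Hill
ou: Clint Hill

dn: cn=Ms Ann Sample,ou=people,o=example
objectClass: person
cn: Ms Ann Sample
ou: Claims

dn: cn=Mr Bob Sample,ou=people,o=example
objectClass: person
cn: Mr Bob Sample
ou: claims
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (names lowercased)."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # undo LDIF line folding
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def username_report(entries, attr="cn"):
    """Check attr as a logon name across entries matching (ObjectClass=person)."""
    seen, missing = defaultdict(list), []
    for e in entries:
        if "person" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        values = e.get(attr.lower(), [])
        if not values:
            missing.append(e["dn"][0])  # this entry would have no Username
        for v in values:  # assumption: names differing only by case collide
            seen[v.casefold()].append(e["dn"][0])
    return missing, {v: d for v, d in seen.items() if len(d) > 1}
```

On the sample data, cn gives every person a distinct name, while ou would give two people the same Username.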