LDAP Containers

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying directory services. LDAP containers are associated with an LDAP source. An LDAP source represents an LDAP server, which holds information about candidate resources — users — who may need to use or participate in BPM applications.

You must create at least one LDAP container from which resources can be selected and mapped to groups or positions in the organization model. You can create additional LDAP containers, if desired — additional containers may contain different LDAP sources, or they may query the same LDAP sources in a different way, resulting in a different set of resources to choose from.

Note: The recommended best practice is to create LDAP containers that show only a constrained view on the corporate LDAP. That view would ideally include only those resources that have a business role in common, that belong to a particular department, work on a particular project, etc.

The resources in an LDAP container are considered candidate resources, that is, resources that are available to map to groups and positions in the organization model.

When you create an LDAP container, you can use either an LDAP query source or an LDAP group source to identify the candidate resources in the LDAP directory, as follows:
  • Using an LDAP Query Source - An LDAP query is used to identify the directory entries that will be candidate resources. For more information, see LDAP Query Sources.
  • Using an LDAP Group Source - A group DN (distinguished name) is used to identify the LDAP directory entry that is the group. When a group DN is specified, a member attribute is also specified; that attribute holds the collection of member identifiers, that is, their DNs. This provides the list of candidate resources. For more information, see LDAP Group Sources.
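
The two source types above, and the constrained view recommended in the note, can be compared with the following added example, which is not part of the product or its documentation. It runs against a constructed in-memory directory; the DNs, attribute values, and the function names `query_source` and `group_source` are assumptions made for illustration, and the filter parser handles only a subset of RFC 4515.

```python
# Constructed sample directory (DN -> attributes); every name here is illustrative.
PEOPLE = "ou=people,dc=example,dc=com"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"objectClass": ["person"], "departmentNumber": ["claims"]},
    f"uid=bob,{PEOPLE}": {"objectClass": ["person"], "departmentNumber": ["claims"]},
    f"uid=carol,{PEOPLE}": {"objectClass": ["person"], "departmentNumber": ["finance"]},
    "uid=svc-backup,ou=services,dc=example,dc=com": {"objectClass": ["account"]},
    "cn=claims-team,ou=groups,dc=example,dc=com": {"objectClass": ["groupOfNames"],
        "member": [f"uid=alice,{PEOPLE}", f"uid=bob,{PEOPLE}"]},
}

def parse_filter(text, pos=0):
    """Parse a subset of RFC 4515: (attr=value), (attr=*), (&...), (|...), (!...)."""
    if text[pos] != "(":
        raise ValueError("filter component must start with '('")
    pos += 1
    if text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")" or not children:
            raise ValueError("malformed composite filter")
        return (op, children), pos + 1
    end = text.index(")", pos)  # raises ValueError if the component is unterminated
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry (values compared case-insensitively)."""
    if node[0] == "=":
        values = [v.lower() for v in attrs.get(node[1], [])]
        return bool(values) if node[2] == "*" else node[2].lower() in values
    results = [matches(child, attrs) for child in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def query_source(base_dn, ldap_filter):
    """Query source: candidates are the entries under base_dn that match the filter."""
    tree, end = parse_filter(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing characters after filter")
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if (dn == base_dn or dn.endswith("," + base_dn)) and matches(tree, attrs))

def group_source(group_dn, member_attr="member"):
    """Group source: candidates are the DNs held in the group's member attribute."""
    return sorted(DIRECTORY[group_dn].get(member_attr, []))
```

Calling `query_source("dc=example,dc=com", "(objectClass=*)")` exposes every entry, including the service account and the group itself, whereas the department-scoped filter and the group source both yield only the two claims users.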