Create an LDAP Container

An LDAP container is a collection of one or more LDAP sources. An LDAP source represents an LDAP server, which holds information about candidate resources. LDAP resources include users who might need to use or participate in TIBCO BPM Enterprise applications.

The EasyAs LDAP source is included in the TIBCO BPM Enterprise Developer Server, which is a prerequisite for using this tutorial. That LDAP source is used in this tutorial to obtain a list of candidate resources that can be mapped to positions or groups in the organization model that you deployed in the Deploy the WelcomeUsers Project tutorial.

Procedure

  1. In the Organization Browser, click Create New LDAP Container.
  2. On the New LDAP Container dialog, complete the fields as follows, then click Next.
    • Name: Enter "XYZCorp".
    • Description: Enter "XYZ Corporate Users".
    • Select organizations: XYZInsurance
  3. Select source type as Query source, then complete the fields as follows:
    • Alias: Select easyAs.
    • Base DN: Leave this field blank.

      The Base DN field can include a base DN (Distinguished Name), which can be used to limit the search in the LDAP directory structure. If the LDAP directory structure is large, this can increase the efficiency of the search. You can limit the search to a branch (for example, a single organization unit) of the structure. Leaving the field blank causes the search to include the entire structure.

    • Query: Leave the default value of "(objectClass=person)".

      This is a filter string that determines which resources are returned from the LDAP source and made available as candidate resources that can be mapped to positions or groups. This allows you to limit the resources returned. For example, you may only be interested in considering resources from a specific department or region. The default value returns all resources that are people.

    • Resource name attribute(s): Change this to "ou".

      This specifies the attributes in the LDAP source that are used to determine the name users must use to log in to BPM applications. In the next step, when you click Show Sample Data, you will see the available attributes that can be specified here. In the example LDAP that is being used in this tutorial, the ou attribute contains the user's first and last name, whereas the cn attribute (the default) contains "Mr" or "Mrs" before the user's full name. You would not want to require users to enter "Mr" or "Mrs" as part of their login name.

    • Search scope: Select Sub Tree.

      This specifies how deep the search goes in the LDAP directory structure. "One Level" means to search only directly within the base DN level. "Sub Tree" means to search within, and below, the base DN level.

  4. Click Show Sample Data.
    This displays a list of users that match the search criteria. These are the candidate resources that can be mapped to positions and groups.
  5. Click Save LDAP source.
    This displays the LDAP source in a row with all the details.
  6. Click Next and in the Version field, select 1.
    Additional steps are available when creating an LDAP container (such as mapping resource attributes, and setting up a container organization relationship) that are not applicable to this tutorial.

    You can learn more about those additional features in Creating an LDAP Container.

  7. Click Create LDAP Resource.
    The "XYZCorp" LDAP container is created.
  8. Click Show Resources.
    A list of the resources in the XYZCorp LDAP container is displayed.
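
The following Python sketch is an added example, not part of the TIBCO tutorial or product code. It shows how the Base DN, Search scope, Query, and Resource name attribute fields from step 3 jointly decide which entries become candidate resources and what name each one receives. The directory contents and DNs are constructed, only simple (attr=value) filters are handled, and One Level is assumed to mean the immediate children of the base DN.

```python
import re

# Constructed sample directory (not the real easyAs data): DN -> attributes.
DIRECTORY = {
    "o=example": {"objectClass": ["organization"]},
    "ou=London,o=example": {"objectClass": ["organizationalUnit"], "ou": ["London"]},
    "ou=Paris,o=example": {"objectClass": ["organizationalUnit"], "ou": ["Paris"]},
    "cn=Mrs Alice Example,ou=London,o=example": {
        "objectClass": ["person"], "cn": ["Mrs Alice Example"], "ou": ["Alice Example"]},
    "cn=Mr Bob Example,ou=Paris,o=example": {
        "objectClass": ["person"], "cn": ["Mr Bob Example"], "ou": ["Bob Example"]},
    "cn=Mr Carl Example,o=example": {
        "objectClass": ["person"], "cn": ["Mr Carl Example"], "ou": ["Carl Example"]},
}

def rdns(dn):
    """Split a DN into lower-cased RDNs (sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def in_scope(entry_dn, base_dn, scope):
    """Apply Base DN and Search scope; a blank base DN covers the whole tree."""
    if scope not in ("One Level", "Sub Tree"):
        raise ValueError(f"unknown scope: {scope!r}")
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)          # levels below the base DN
    if depth < 0 or entry[depth:] != base:  # entry is not under the base DN
        return False
    return depth == 1 if scope == "One Level" else True

def matches(attrs, query):
    """Evaluate a simple (attr=value) filter; (attr=*) tests for presence."""
    m = re.fullmatch(r"\(([\w-]+)=([^()]*)\)", query.strip())
    if not m:
        raise ValueError("only simple (attr=value) filters are handled here")
    name, wanted = m.group(1).lower(), m.group(2).lower()
    values = [v.lower() for k, vs in attrs.items() if k.lower() == name for v in vs]
    return bool(values) if wanted == "*" else wanted in values

def candidate_resources(base_dn, query, name_attr, scope):
    """Return sorted (resource name, DN) pairs; name is None if the attribute is absent."""
    found = []
    for dn, attrs in DIRECTORY.items():
        if in_scope(dn, base_dn, scope) and matches(attrs, query):
            found.append((attrs.get(name_attr, [None])[0], dn))
    return sorted(found, key=lambda pair: (pair[0] is None, pair[0] or ""))

if __name__ == "__main__":
    for name, dn in candidate_resources("", "(objectClass=person)", "ou", "Sub Tree"):
        print(f"{name!r:20} <- {dn}")
```

An entry that matches the query but lacks the chosen name attribute comes back with a name of None, which is worth checking for in Show Sample Data before saving the source.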