Copyright © TIBCO Software Inc. All rights reserved.



Using the iProcess Engine With an LDAP Directory Service
You can manage iProcess user, group, role and attribute data through any LDAP-compliant directory service, such as X.500, Microsoft Active Directory, OpenLDAP or Oracle Internet Directory. For detailed information about the supported LDAP versions, see TIBCO iProcess Engine Installation.
Why Use LDAP?
Managing user information is a complex problem for modern organizations. It often involves maintaining separate and incompatible user directories, each of which has to be updated every time an employee joins, leaves, or changes department or personal details.
LDAP offers a solution to this problem by providing:
How Does iProcess Work With LDAP?
iProcess user data (that is, user, group, role and attribute data) is maintained as part of the LDAP directory. For each LDAP directory entry that represents an iProcess user, LDAP directory attributes are mapped to corresponding iProcess properties. The iProcess Engine can use these entries in the LDAP directory as possible iProcess users, rather than creating operating system accounts for each registered iProcess user. This information is kept as part of the iProcess database.
You can also optionally use LDAP to provide integral user validation; that is, LDAP passwords can be used to validate users.
Whenever the iProcess Engine performs a MoveSysInfo operation, it sends a synchronization request to the iProcess BG process to obtain iProcess user data from the LDAP directory. The synchronization request:
1.
2.
Differences from Normal iProcess Operation
Using the iProcess Engine with an LDAP directory differs from normal iProcess operation in three areas:
User administration. iProcess user data must be created and maintained in the LDAP directory using LDAP directory administration tools. When the iProcess Engine is running against the LDAP directory, you cannot add, modify or delete iProcess users, groups, roles or attributes using SWDIR\bin\swutil or the TIBCO iProcess Administrator.
LDAPCONF. LDAPCONF is a utility which allows you to manage the interface between the LDAP server and the iProcess Engine. See The LDAPCONF Utility for more information.
MoveSysInfo. When you perform a MoveSysInfo operation, it synchronizes the iProcess Engine’s current user data with the contents of the LDAP directory. See Automating Synchronization for more information.
