![]() |
Copyright © TIBCO Software Inc. All rights reserved. |
You can manage iProcess user, group, role and attribute data through any LDAP-compliant directory service, such as X.500, Microsoft Active Directory, Open LDAP or Oracle Internet Directory. For detailed information about the supported LDAP versions, see TIBCO iProcess Engine Installation.iProcess user data (that is - user, group, role and attribute data) is maintained as part of the LDAP directory. For each LDAP directory entry that represents an iProcess user, LDAP directory attributes are mapped to corresponding iProcess properties. iProcess Engine can use these entries in the LDAP directory as possible iProcess users, rather than creating operating system accounts for each registered iProcess user. This information is kept as part of the iProcess database.
Whenever the iProcess Engine performs a MoveSysInfo operation, it sends a synchronization request to the iProcess BG process to obtain iProcess user data from the LDAP directory. The synchronization request:
• User administration. iProcess user data must be created and maintained in the LDAP directory using LDAP directory administration tools. When the iProcess Engine is running against the LDAP directory, you cannot add, modify or delete iProcess users, groups, roles or attributes using SWDIR\bin\swutil or the TIBCO iProcess Administrator.
• LDAPCONF. LDAPCONF is a utility which allows you to manage the interface between the LDAP server and the iProcess Engine. See The LDAPCONF Utility for more information.
• MoveSysInfo. When you perform a MoveSysInfo operation, it synchronizes the iProcess Engine’s current user data with the contents of the LDAP directory. See Automating Synchronization for more information.
![]() |
Copyright © TIBCO Software Inc. All rights reserved. |