LDAP Sync

To populate the MFT database with LDAP users, you must synchronize TIBCO MFT Command Center with an LDAP server. To bind to the LDAP server, you must set up an authenticator. After the authenticator is configured and tested, you can run an LDAP synchronization.

Note: For more information on how to set up an LDAP authenticator, see Add Authenticator.

By default, synchronization to the TIBCO MFT Command Center database pulls in the user name, full name, email address (if defined), phone number (if defined), and department (if defined) for the directory user contained in the LDAP sync group, and any rights assigned to the user if rights management is enabled on the authenticator.

Note: To synchronize LDAP authenticators, you must have TIBCO MFT Command Center AdministratorRight.
Synchronization can be performed in the following three different ways:
  • Manual Sync: you can perform a manual synchronization through the LDAP Sync page to synchronize a single user or all LDAP users.
    Note: To perform manual synchronization, you must be an administrator.
  • Scheduled Sync: you can perform a scheduled synchronization once a day by setting up the parameters in the LDAP Settings subsection in the Global Setting section on the System Configurations page which can be accessed by clicking Administration > System Configurations. By default, this is disabled.
    Note: If you have a TIBCO MFT Command Center and TIBCO MFT Internet Server sharing the same database, the synchronization can be configured to be performed by either server.
  • Automatic Sync: this synchronization occurs when an LDAP user logs into the TIBCO MFT Command Center system and authenticates against the LDAP server.
Note: If for any reason a user fails to be synchronized, you can find further information on the cause by reading the ldap_sync_report_messages-MFT-xxxx-xx-xx.txt report that is located in <MFT_Install>\logs\message directory; where, xxxx-xx-xx represents the date on which the synchronization took place.