Authenticators

With the Administration > Authenticators option, you can add and manage LDAP authenticators.

MFT users can be added to the MFT database manually, through the Java command line utility, and by authenticating to an LDAP server such as Active Directory. MFT provides easy integration with LDAP servers, which is configured from the Add Authenticator page and tested from the Manage Authenticators page. By default, the LDAP user’s login ID, full name, email address (optional), and telephone number (optional) are pulled into the TIBCO MFT Internet Server database. In addition, to controlling user’s details being pulled from the LDAP server, the administrator can optionally set up what TIBCO MFT Internet Server rights are assigned to those LDAP users.

To add and manage LDAP authenticators, users must have TIBCO MFT Command Center AdministratorRight in the system.

To allow TIBCO MFT Command Center to authenticate and synchronize with an LDAP server, you must have the following items on the LDAP server configured:

  • You must know the host information, such as the IP and port of the LDAP servers that you will be authenticating to.
  • You must know the Bind User DN and password.
  • You must have a container such as an OU, or group which contains the specific users to be sync’d with the MFT database; for example, OU=MFT users would contain all users which will sync with MFT. The following figure is an example.
  • You must know the User Base DN and Group Base DN where the sync group is located.
Note: When using non-AD servers; groups must contain the object class, groupofUniqueNames, and users must contain the object class, inetOrgPerson.

Example of the active directory setup: