Srikanth
We have recently implemented PowerCenter LDAP configuration and migrated all Native users to LDAP. Let me know if anyone has any questions on LDAP configuration and migration process.
March 8, 2012
Srikanth
Srikanth V. We implemented LDAP in the following fashion.
1. Create LDAP Users and Groups. LDAP Users and Groups are created by the Active Directory team instead of being created from the Informatica Admin Console. We only run the synchronization to import LDAP users and groups.
2. Create PowerCenter Roles and attach the required privileges. Go to the Security tab on the Admin console.
3. Following are the properties to set up LDAP security. Click on Actions - LDAP Configuration.
   a. Active Directory Server Name: xxxxx.met.com
   b. Port (Default: 3268)
   c. LDAP Directory Service (Microsoft Active Directory)
   d. Create a Batch ID or a User ID (Principal User) to connect to the Active Directory (password set to non-expiry).
   e. Name: cn=<principal user>,cn=users,dc=met,dc=com
   f. Password: xxxxxx
   g. Group Membership Attribute: Member
   h. Maximum Size: 1000
4. Go to the Security Domains tab and configure the following:
   a. Security Domain: Name of the Security Domain. Ex: MET.COM
   b. User Search Base: CN=Users,DC=MET,DC=COM
   /* Define the below LDAP Groups for the User Filter */
   c. User Filter:
      (&(ObjectClass=user)(|(memberOf=CN=Finance_Group,CN=Users,DC=MET,DC=COM)(memberOf=CN=Inventory_Group,CN=Users,DC=MET,DC=COM)(memberOf=CN=HR_Group,CN=Users,DC=MET,DC=COM)))
   d. Group Search Base: CN=Users,DC=MET,DC=COM
   e. (&(objectCategory=group)(|(sAMAccountName=Finance*)(sAMAccountName=INS_app11740*)(sAMAccountName=Inventory*)(sAMAccountName=HR*)))
5. Schedule: Set up the time at which you want to run the synchronization. In this case, we did it through a script.
6. Click on the Preview button to see the list of users and groups.
7. Once you confirm the validity of users and groups, click on 'Synchronize Now' to synchronize users and groups.
8. Upon successful synchronization, you can see Users and Groups are imported to the PowerCenter Domain.
9. Verify the imported LDAP Groups and Users in the Groups and Users section of the Security tab.
9. Attach the PowerCenter Roles to the appropriate LDAP Groups. Refer to PowerCenter documentation on how to attach PowerCenter Roles to Groups.
10. Log in to Repository Manager, attach the LDAP Group for each folder with appropriate privileges. If required, follow the same pattern for Connections in Workflow Manager. Refer to PowerCenter documentation on how to attach Groups to the folder.
We have automated this process using scripts. Should you have any questions, let me know.
Cheers, Srikanth
May 16, 2012
Ujjwal
Ujjwal M. Hi Srikanth, After assigning folders to LDAP Groups, when you update the LDAP userid/pwd with wrong details and try to synchronize, I couldn't see all the folders in Repository Manager. At first I thought all the code was gone. After checking version history, I saw the code was there and checked out. I had to re-check in everything. Have you been in this situation?
May 16, 2012
Srikanth
Srikanth V. Hi Ujjwal, Yes, you are right. We must be very careful while updating the user/pwd details as well as updating LDAP queries. If you try to update with a wrong query and run the synch, all the users and groups that were imported during the previous synchronization will be wiped out from the domain and the corresponding folder privileges will be gone forever. I faced this issue in the past while I was trying to update the user/group search query. Always double check the query before you update and run the synch. One of the best ways to check the validity is to use a third-party LDAP browser like Softerra LDAP, LDAP Admin etc. Also run Preview before you run the synch. -Srikanth
May 16, 2012
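Added example, not part of the original thread and not Informatica's code: a pre-sync check for the advice in the reply above. It parses a User/Group filter for well-formedness and compares the Preview result with the accounts already imported; the function names, the constructed sample filter and the 10% threshold are assumptions.

```python
import re

# Simplified attribute description; ':' is allowed so extensible-match rules pass.
ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9.;:-]*$")

def parse_filter(s, i=0):
    """Parse one RFC 4515 filter at s[i]; return (node, index after it)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, kids = s[i], []
        i += 1
        while s[i:i + 1] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' has the wrong number of operands")
        node = (op, kids)
    else:
        j = s.find(")", i)
        if j < 0:
            raise ValueError("unbalanced parentheses")
        attr, sep, value = s[i:j].partition("=")
        attr = attr.rstrip("~<>")  # accept ~=, <= and >= as well as =
        if not sep or "(" in value or not ATTR.match(attr):
            raise ValueError(f"malformed item {s[i:j]!r}")
        node, i = ("=", attr, value), j
    if s[i:i + 1] != ")":
        raise ValueError(f"missing ')' at offset {i}")
    return node, i + 1

def check_filter(s):
    """Return None if s is exactly one well-formed filter, else the error text."""
    try:
        _, end = parse_filter(s)
        return None if end == len(s) else f"trailing text at offset {end}"
    except ValueError as exc:
        return str(exc)

def sync_is_safe(imported, preview, max_drop=0.10):
    """Refuse a sync whose Preview result drops too many imported accounts."""
    missing = sorted(set(imported) - set(preview))
    return len(missing) <= max_drop * len(imported), missing

# Constructed sample: a group filter with a stray space in an attribute name.
BROKEN = "(&(objectCategory=group)(|(sAMAccountName=Finance*)(sAMAccountNa me=HR*)))"

if __name__ == "__main__":
    print(check_filter(BROKEN))
```

A filter with a mistyped group DN is still syntactically valid and passes check_filter, which is why the Preview comparison in sync_is_safe is the check that catches it.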
Ujjwal
Ujjwal M. Hi Srikanth, Thanks for the advice. Will keep that in mind. - Ujjwal
May 16, 2012
Rajanikanth
Rajanikanth A. Can you guide me through the step-by-step process for this LDAP? I tried a while back in the Dev process, which resulted in the repository hung.
June 15, 2012
Srikanth
Shaik
Shaik A. Can you guide me through the step-by-step process for this LDAP at my mail id: tasadiqsk@gmail.com
5 months ago
Srikanth
Srikanth V. Would you please send step-by-step instructions, if possible with screenshots, to vsrikanth9@gmail.com... I know you gave more details above but it's always better to know in-depth details. Srikanth...
5 months ago
Paul
Paul N. I've tried several times and can only see groups, not users within the groups. Do I need both the user and group bases set up? I only want to use users.
4 months ago
Srikanth
Srikanth V. You need to specify the Group names in the User Search Query. Try the below query. Replace the CN and DC values accordingly as per your company LDAP specifications.
(&(ObjectClass=user)(|(memberOf=CN=Developers,CN=Users,DC=xyz,DC=com)(memberOf=CN=Testers,CN=Users,DC=xyz,DC=com)))
4 months ago
Bart
Bart S. I have successfully hooked into the LDAP server and can see the correct group as well as the users in the group, so I know it is reading LDAP correctly. I assigned the Administrator role to the group and can verify that the users in the group have inherited the admin permissions. However, I still cannot log into the Admin console with the users in that group. Any thoughts?
1 month ago
Prasad
Prasad S. Hi Srikanth, Can you please explain more on step 2? Is that done at the LDAP server?
1 month ago
Sverre
Sverre K. I have implemented LDAP. I run scheduled synchronizing in the night. Are there any possibilities to have an immediate sync to the LDAP server? A sync to group membership when you log on? (Then the group must be known by PowerCenter and the privilege must already be set.)
1 month ago
Saroj
Saroj M. Hi Srikanth, We wanted to have multiple groups based on privilege, so do we have to create these multiple groups in LDAP for each environment (DEV, QA & PRODUCTION)? Please advise. Also, how do we migrate the existing users to LDAP? Please advise. Do you have documents which you can share? If yes, can you please pass them to my gmail id (sarojm001@gmail.com). Thanks
1 month ago
Written By: M. McGee. Edited By: Jenn Walker. Copyright Protected: 2003-2013 Conjecture Corporation.
Lightweight Directory Access Protocol (LDAP) is a method of organizing data for use with databases that follow LDAP standards. This is an open standard, so any organization is able to use the structures without paying a licensing fee. An LDAP directory is optimized for reading over writing, making it a great choice for long-term storage, but not for active databases. The free license and read-centric nature of the Lightweight Directory Access Protocol has caused it to become a popular way of organizing information in data warehouses.

The most confusing aspect of LDAP is what the protocol is exactly. The Lightweight Directory Access Protocol is a method of organizing and storing data. An LDAP database is a database that stores information according to the protocol. This point becomes very muddy as terminologies merge.

The Lightweight Directory Access Protocol is both open standard and cross platform. This means that any user on any system is able to easily use and manipulate LDAP databases. It also easily handles virtual database systems, allowing several databases to act like a single entity on the client side. Lastly, it incorporates Internet Protocols directly into its specification, making accessing it over an Internet connection nearly painless.
Since LDAP has a lot going for it, the protocol has become very popular as a means of storing information over a wide network. Many modern database designs have the ability to access LDAP databases, even though they do not directly use the Lightweight Directory Access Protocol. This has extended the protocol's popularity, as nearly every major database now has LDAP built in or available through a plug-in.

The way a Lightweight Directory Access Protocol database accesses and stores information has a large impact on how it is used. The protocol emphasizes reading data from the database over writing in new information. This makes adding information much slower than taking it out. Fast applications, such as bank records or online ordering, would find the methods too slow. Storage or records systems, such as inventory or tax information, work very well.

The LDAP specifies a hierarchical organization for data. This is a method that is very familiar to most people and makes sorting through LDAP databases more straightforward than other systems. This organization method is often merged with Web addresses, making accessing top-level database information available through a Web browser.

It is easy to think of these levels like the folders on a computer. The top level is the focus of the database, generally the name of a company or organization. Under that are sections for departments or projects within the organization. Under each of those headings are subsections within that area. On a computer, this is like a folder within a folder, each providing more specific information. Eventually, the folder, or database, will contain all of the information related to that specific topic.