Integrating with an LDAP Server

You can integrate PPM with any LDAP v3-compliant server such as Microsoft Windows Active Directory. Integrating with an LDAP server helps minimize the setup and maintenance costs associated with user account management. With an LDAP server, the PPM Server authenticates users directly to the LDAP directory server, and does not store passwords in the PPM database.

Note: This section addresses LDAP directory server integration with PPM. For information on how to import users from LDAP and on LDAP authentication, see the Open Interface Guide and Reference.

In an LDAP environment, the PPM Server authenticates users in the following way:

  • The PPM Server binds to the LDAP server using the credentials supplied in the KINTANA_LDAP_ID and KINTANA_LDAP_PASSWORD server configuration parameters. If passwords are not supplied in the server.conf file, the PPM Server performs anonymous authentication.

  • The PPM Server tries to obtain the user name by supplying a search filter to the LDAP server in the format uid=user name. The uid attribute can vary from one LDAP server to another, depending on the information supplied in the server.conf file.

  • If the PPM Server obtains a name, it tries to rebind to the LDAP server using the name and the password supplied by the user.

  • If more than one LDAP server has been specified in the LDAP_URL server.conf parameter, the PPM Server tries to authenticate against all LDAP servers until it succeeds. If the referral option is enabled, and the user is not logged on to the primary server, the PPM Server also checks the referral server for authentication.
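
The bind, search, rebind, and multi-server sequence described above, as an added Python example; it is not PPM code. FakeDirectory, authenticate, and the sample entries are hypothetical names and constructed data. The RFC 4515 filter escaping, the empty-password rejection, and the single-match requirement are checks a client implementing this flow would want, not behavior this page documents for PPM.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed stand-in for one LDAP server: DN -> (uid, password)."""
    def __init__(self, entries):
        self.entries = entries

    def bind(self, dn, password):
        # RFC 4513 5.1.1/5.1.2: an empty password is an anonymous or
        # unauthenticated bind and succeeds without proving identity.
        if password == "":
            return True
        return self.entries.get(dn, (None, None))[1] == password

    def search(self, flt):
        # Toy matcher for "attr=value": an unescaped '*' is a wildcard.
        value = flt.partition("=")[2]
        pattern = re.escape(value).replace(r"\*", ".*")
        return [dn for dn, (uid, _) in self.entries.items()
                if re.fullmatch(pattern, uid)]

def authenticate(servers, username, password, svc_dn="", svc_pw=""):
    """Return (server_name, user_dn) on success, else None."""
    if not username or not password:
        return None  # an empty password must never reach the rebind step
    flt = "uid=" + escape_filter_value(username)
    for name, directory in servers:               # try each configured server
        if not directory.bind(svc_dn, svc_pw):    # empty credentials = anonymous
            continue
        matches = directory.search(flt)
        if len(matches) != 1:                     # no entry, or ambiguous match
            continue
        if directory.bind(matches[0], password):  # rebind as the user
            return name, matches[0]
    return None

# Constructed sample data: two servers, the user exists only on the second.
SVC = "uid=svc,ou=apps,dc=example,dc=test"
SERVERS = [
    ("ldap1", FakeDirectory({SVC: ("svc", "svc-pw"),
        "uid=asmith,ou=people,dc=example,dc=test": ("asmith", "pw-a")})),
    ("ldap2", FakeDirectory({SVC: ("svc", "svc-pw"),
        "uid=jdoe,ou=people,dc=example,dc=test": ("jdoe", "pw-j")})),
]
```

Without the empty-password check, the rebind step would report success for any user whose entry was found, because the directory accepts a DN with an empty password as an unauthenticated bind.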