Plan for LDAP
This topic describes how to work with LDAP for user management.
Important considerations
Managing LDAP users and native, internal users at the same time is not supported. After you configure LDAP user management, you cannot return to native, internal user management.
Tip: Native, internal users are no longer able to log in to OpenText Core Software Delivery Platform after LDAP is configured. You have to include or import them as LDAP users. Therefore, we recommend that you deactivate these users after LDAP configuration.
How LDAP users are authenticated
OpenText Core Software Delivery Platform authenticates LDAP users when they log in.
- When logging in, the LDAP user enters the name and password.
- OpenText Core Software Delivery Platform performs the following checks:
  - It looks up the name in its list of LDAP users.
  - It locates the corresponding LDAP dn for the LDAP user.
  - It locates the user using the mapping settings defined in Settings > Site > Servers under the LDAP Configuration section. For details, see Set up LDAP.
  - It locates the user in LDAP by dn to see if the user is authenticated.
Create users based on your LDAP system
You manage your users using your organization's LDAP system.
However, to bring the details of existing users in your LDAP system into OpenText Core Software Delivery Platform, use one of the following methods.
| Method | Description |
|---|---|
| Export and import | Export LDAP users to a CSV file, and then import the CSV file using OpenText Core Software Delivery Platform Settings. See Import LDAP users. This is useful for first-time LDAP configuration, when you have many LDAP users to add at one time. |
| Add users from LDAP | Add LDAP users in the OpenText Core Software Delivery Platform Settings area. This is useful for adding LDAP users periodically, without having to re-export and re-import. See Set up LDAP. |
| REST API | You can create an LDAP user using the REST API by posting the user with certain LDAP attributes. You cannot use the REST API to import existing LDAP users from a CSV file. You can only create new ones manually that represent the details of the existing users in the LDAP system. For details about using the REST API to create users, see POST: Create a user. |
How LDAP users are identified and added
This section explains how your LDAP users are mapped to existing users in OpenText Core Software Delivery Platform, if any exist.
Determining a user match
To determine a match, the following details of each imported LDAP user are compared to the existing user information in OpenText Core Software Delivery Platform.
| LDAP User Attribute | OpenText Core Software Delivery Platform User Field |
|---|---|
| The immutable LDAP UUID (universally unique ID) | uid |
| The logon name | Login Name (name field in REST API) |
For a summary of how OpenText Core Software Delivery Platform and LDAP attributes are mapped, see Mapping.
Handling a user match
If either of the above attributes matches, the imported LDAP user is considered existing, and the details of the OpenText Core Software Delivery Platform user are updated to those of the corresponding LDAP user.
Unable to match an LDAP user
When an LDAP user cannot be matched to an OpenText Core Software Delivery Platform user, the imported LDAP user is considered new. New users are created using the details of the corresponding LDAP users, and are assigned to the default workspace with the predefined viewer role.
Unable to match any LDAP user
Because you cannot have a mix of users created with internal user management and users imported from LDAP, the non-LDAP OpenText Core Software Delivery Platform users are unable to log in to OpenText Core Software Delivery Platform. In this case, we recommend that you manually deactivate these users. For details on deactivating users, see Roles and permissions.
Mappings are configured in OpenText Core Software Delivery Platform Settings. For details, see Field Mapping.
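The match rules in this section, written as a dry run you can use before an import to see which accounts would be updated, created, or left unable to log in. This is an added example, not product code: the record layout, the exact-string comparison of logon names, and the "review" flags are assumptions, and all sample records are constructed.

```python
# Added example: dry run of the uid / logon-name match rules (not product code).
# "uid" and "name" follow the page's field names; all records are constructed.

def plan_ldap_import(existing_users, ldap_users):
    """Classify LDAP records as update/create and list users left unmatched."""
    by_uid = {u["uid"]: u for u in existing_users if u.get("uid")}
    by_name = {u["name"]: u for u in existing_users}  # assumption: exact match
    plan = {"update": [], "create": [], "review": [], "deactivate": []}
    matched = set()
    for ldap in ldap_users:
        uid_hit = by_uid.get(ldap["uid"])
        name_hit = by_name.get(ldap["name"])
        if uid_hit and name_hit and uid_hit is not name_hit:
            # uid and logon name point at two different existing users.
            plan["review"].append((ldap["name"], "uid and name hit different users"))
            matched.update({uid_hit["name"], name_hit["name"]})
            continue
        hit = uid_hit or name_hit
        if hit is None:
            # New user: default workspace, predefined viewer role.
            plan["create"].append(ldap["name"])
            continue
        matched.add(hit["name"])
        plan["update"].append((hit["name"], ldap["name"]))
        if uid_hit is None:
            # Only the logon name, not the immutable uid, tied these together.
            plan["review"].append((ldap["name"], "matched on logon name only"))
    # Existing users with no LDAP counterpart cannot log in after the switch.
    plan["deactivate"] = [u["name"] for u in existing_users if u["name"] not in matched]
    return plan

EXISTING = [  # constructed sample of current platform users
    {"name": "alice@example.com", "uid": "1111"},
    {"name": "bob@example.com", "uid": None},
    {"name": "carol@example.com", "uid": None},
]
LDAP_EXPORT = [  # constructed sample of exported LDAP users
    {"name": "alice.smith@example.com", "uid": "1111"},  # renamed, same uid
    {"name": "bob@example.com", "uid": "2222"},
    {"name": "dave@example.com", "uid": "3333"},
]

if __name__ == "__main__":
    for action, items in plan_ldap_import(EXISTING, LDAP_EXPORT).items():
        print(action, items)
```

Entries under "review" are matches made on the logon name alone; confirm that both records belong to the same person before importing.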