Friday, September 6, 2013

Informatica User Management using LDAP


LDAP Capabilities
·         LDAP: Lightweight Directory Access Protocol
·         Repository Server passes a user login to the external directory for authentication
·         The repository maintains an association between repository user names and external login names
·         Does not maintain user passwords in the repository
·         Helps in security & user management

Implementation

·         Built-in plug-in in Informatica software
·         Set up a connection to an LDAP directory service and specify the users and groups that can have access to the PowerCenter domain
·         Import the user account information from the LDAP directory service into an LDAP security domain
·         Set a filter to specify the user accounts to be included in an LDAP security domain.
·         When a user logs in, the Service Manager authenticates the user name and password against the LDAP directory service.

Set up the connection to the LDAP server
  1. In the LDAP Configuration dialog box, click the LDAP Connectivity tab.
  2. Configure the LDAP server properties.



Configure Security Domains
Create a new security group and provide attributes for the options below:
·         User Search Base
·         User Filter
·         Group Search Base
·         Group Filter
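
An added example (not from the original post or from Informatica) that previews which accounts a given User Search Base and User Filter would pull into a security domain, so a filter can be checked before synchronizing. It evaluates only a simplified subset of LDAP filter syntax (and, or, not, equality, presence), and the DNs, the uid and memberOf attributes, and the group name are constructed assumptions.

```python
# Constructed sample entries (assumed names; not from any real directory).
G = "cn=infa_dev,ou=Groups,dc=example,dc=com"
ENTRIES = [
    {"dn": "uid=asmith,ou=People,dc=example,dc=com", "uid": ["asmith"],
     "objectClass": ["person"], "memberOf": [G]},
    {"dn": "uid=bjones,ou=People,dc=example,dc=com", "uid": ["bjones"],
     "objectClass": ["person"], "memberOf": []},
    {"dn": "uid=svc_backup,ou=Service,dc=example,dc=com", "uid": ["svc_backup"],
     "objectClass": ["person"], "memberOf": [G]},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                      # composite: (&...), (|...), (!...)
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:                                  # leaf: attr=value or attr=*
        end = f.index(")", i)
        attr, _, val = f[i:end].partition("=")
        node, i = ("=", attr, val), end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2].lower() in values

def preview(search_base, user_filter, entries=ENTRIES):
    """Return uids under search_base (subtree) that satisfy user_filter."""
    tree, end = parse(user_filter)
    if end != len(user_filter):
        raise ValueError("trailing characters after filter")
    suffix = "," + search_base.lower()
    return [e["uid"][0] for e in entries
            if e["dn"].lower().endswith(suffix) and matches(tree, e)]
```

With the sample data, a root search base and a bare (objectClass=person) filter also imports the service account, while a People search base combined with a group-membership filter imports only the intended user.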

Schedule the Synchronization Times
1.       On the LDAP Configuration dialog box, click the Schedule tab.
2.       Click the Add button (+) to add a new time.
3.       The synchronization schedule uses a 24-hour time format.
4.       You can add as many synchronization times in the day as you require. If the list of users and groups in the LDAP directory service changes often, you can schedule the Service Manager to synchronize several times a day.
5.       To immediately synchronize the users and groups in the security domains with the users and groups in the LDAP directory service, click Synchronize Now.
6.       Click OK to save the synchronization schedule.

Operational Steps: Adding and Configuring a User
1.       Sync LDAP using Admin console
2.       Grant permissions
3.       Create Informatica Folder if required
4.       Add user as owner of Informatica Folder
5.       Add group (from native security domain) and give RWX
6.       If the user is removed at any time, the folder owner is automatically set to Administrator. Other users can still see the folder because group permission has been given.
