
Srikanth

We have recently implemented PowerCenter LDAP configuration and migrated all Native users to LDAP. Let me know if anyone has any questions on LDAP configuration and migration process.
March 8, 2012



14 comments

Srikanth

Srikanth V. We implemented LDAP in the following fashion.

1. Create LDAP Users and Groups. LDAP Users and Groups are created by the Active Directory team instead of being created from the Informatica Admin Console. We only run the synchronization to import LDAP users and groups.
2. Create PowerCenter Roles and attach the required privileges. Go to Security Tab on Admin console.
3. Following are the properties to set up LDAP security. Click on Actions - LDAP Configuration.
   a. Active Directory Server Name: xxxxx.met.com
   b. Port (Default: 3268)
   c. LDAP Directory Service (Microsoft Active Directory)
   d. Create a Batch ID or a User ID (Principal User) to connect to the Active Directory (password set to non-expiry).
   e. Name: cn=<principal user>,cn=users,dc=met,dc=com
   f. Password: xxxxxx
   g. Group Membership Attribute: Member
   h. Maximum Size: 1000
4. Go to Security Domains tab and configure the following:
   a. Security Domain: Name of the Security Domain. Ex: MET.COM
   b. User Search Base: CN=Users,DC=MET,DC=COM
   /*Define the below LDAP Groups for the User Filter*/
   c. User Filter: (&(ObjectClass=user)(|(memberOf=CN=Finance_Group,CN=Users,DC=MET,DC=COM)(memberOf=CN=Inventory_Group,CN=Users,DC=MET,DC=COM)(memberOf=CN=HR_Group,CN=Users,DC=MET,DC=COM)))
   d. Group Search Base: CN=Users,DC=MET,DC=COM
   e. (&(objectCategory=group)(|(sAMAccountName=Finance*)(sAMAccountName=INS_app11740*)(sAMAccountName=Inventory*)(sAMAccountName=HR*)))
5. Schedule: Set up the time at which you want to run the synchronization. In this case, we did it through a script.
6. Click on the preview button to see the list of users and groups.
7. Once you confirm the validity of users and groups, click on 'Synchronize Now' to synchronize users and groups.
8. Upon successful synchronization, you can see Users and groups are imported to the PowerCenter Domain.
9. Verify the imported LDAP Groups and Users in the Groups and Users section in the Security tab.
9. Attach the PowerCenter Roles to appropriate LDAP Groups. Refer to PowerCenter documentation on how to attach PowerCenter Roles to Groups.
10. Log in to Repository Manager, attach the LDAP Group for each folder with appropriate privileges. If required, follow the same pattern for Connections in Workflow Manager. Refer to PowerCenter documentation on how to attach Groups to the folder.

We have automated this process using scripts. Should you have any questions, let me know.

Cheers,
Srikanth
May 16, 2012

Ujjwal

Ujjwal M. Hi Srikanth, After assigning folders to LDAP Groups, when you update the LDAP userid/pwd with wrong details and try to synchronize, I couldn't see all the folders in Repository Manager. At first I thought all the code was gone. After checking version history, I saw the code was there and checked out. I had to re-check in everything. Have you been in this situation?
May 16, 2012

Srikanth

Srikanth V. Hi Ujjwal, Yes, you are right. We must be very careful while updating the user/pwd details as well as updating LDAP queries. If you try to update with a wrong query and run the synch, all the users and groups that were imported during the previous synchronization will be wiped out from the domain and the corresponding folder privileges will be gone forever. I faced this issue in the past while I was trying to update the user/group search query. Always double check the query before you update and run the synch. One best way to check the validity is through using a third-party LDAP browser like Softerra LDAP, LDAP Admin etc. Also run preview before you run the synch. -Srikanth
May 16, 2012
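
The check recommended in the reply above (validate the query, then preview before synchronizing), as an added example that is not part of the thread and not Informatica code. It parses a simplified subset of LDAP filter syntax, lists the memberOf groups a filter admits, and rejects a sync whose preview would drop too many imported accounts; the function names, the 10% threshold and the account names are assumptions.

```python
# Added example: pre-sync checks for an LDAP user filter (simplified RFC 4515 subset).
def parse_filter(s, i=0):
    """Parse one filter starting at s[i]; return (node, index after it)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = s.find(")", i)
        item = s[i:end] if end != -1 else s[i:]
        attr, sep, value = item.partition("=")
        if end == -1 or not sep or not attr or "(" in item:
            raise ValueError(f"malformed item {item!r}")
        node, i = ("=", attr, value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def check_filter(s):
    """Return the parsed tree, or raise ValueError if the filter is not well formed."""
    node, end = parse_filter(s.strip())
    if end != len(s.strip()):
        raise ValueError("text after the closing parenthesis")
    return node

def member_groups(node):
    """Collect the memberOf DNs the filter admits, for review before a sync."""
    if node[0] == "=":
        return [node[2]] if node[1].lower() == "memberof" else []
    return [dn for kid in node[1] for dn in member_groups(kid)]

def sync_is_safe(imported, preview, max_loss=0.10):
    """False when the preview would drop more than max_loss of imported accounts."""
    imported, preview = set(imported), set(preview)
    lost = imported - preview
    return not imported or len(lost) / len(imported) <= max_loss

# Constructed sample data (filter shape taken from the thread, accounts invented).
GOOD = "(&(ObjectClass=user)(|(memberOf=CN=Developers,CN=Users,DC=xyz,DC=com)(memberOf=CN=Testers,CN=Users,DC=xyz,DC=com)))"
BAD = GOOD[:-1]  # one closing parenthesis lost while editing

if __name__ == "__main__":
    print(member_groups(check_filter(GOOD)))
    print(sync_is_safe({"amy", "bob", "cy"}, set()))  # empty preview: do not sync
```

The imported and preview account lists are assumed to be exported by the administrator; an empty or sharply smaller preview is the signal to stop and re-check the bind credentials and the filter before running the synchronization.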

Ujjwal

Ujjwal M. Hi Srikanth, Thanks for the advice. Will keep that in mind. - Ujjwal
May 16, 2012

Rajanikanth

Rajanikanth A. Can you let me guide step to step process for this LDAP. I tried a while back in Dev process which resulted in the repository hung.
June 15, 2012

Srikanth

Srikanth V. follow the steps as I explained in my previous comment


June 15, 2012

Shaik

Shaik A. Can you let me guide step to step process for this LDAP to my mail id: tasadiqsk@gmail.com
5 months ago

Srikanth

Srikanth V. Would you please send step by step instructions if possible with screen shots to vsrikanth9@gmail.com... i know you gave more details above but it's always better to know in depth details Srikanth...
5 months ago

Paul

Paul N. I've tried several times and can only see groups, not users within the groups. Do I need both the user and group bases set up? I only want to use users.
4 months ago

Srikanth

Srikanth V. You need to specify the Group names in the User Search Query. Try the below query. Replace the CN and DC values accordingly as per your company LDAP specifications.
(&(ObjectClass=user)(|(memberOf=CN=Developers,CN=Users,DC=xyz,DC=com)(memberOf=CN=Testers,CN=Users,DC=xyz,DC=com)))
4 months ago

Bart

Bart S. I have successfully hooked into the LDAP server and can see the correct group as well as the users in the group, so I know it is reading LDAP correctly. I assigned the Administrator role to the group and can verify that the users in the group have inherited the admin permissions. However, I still cannot log into the Admin console with the users in that group. Any thoughts?
1 month ago

Prasad

Prasad S. Hi Srikanth, Can you please explain more on step 2? is that done at LDAP server ?
1 month ago

Sverre

Sverre K. I have implemented LDAP. I run scheduled synchronizing in the night. Are there any possibilities to have an immediate synch to the LDAP server? A sync to group membership when you log on? (Then the group must be known by PowerCenter and the privilege must already be set.)
1 month ago

Saroj

Saroj M. Hi Srikanth, We wanted to have multiple groups based on privilege, so do we have to create these multiple groups in LDAP for each environment (DEV, QA & PRODUCTION)? Please advise. Also, how to migrate the existing users to LDAP? Please advise. Do you have documents which you can share? If yes, can you please pass it to my gmail id (sarojm001@gmail.com). Thanks
1 month ago

Article Details

Written By: M. McGee
Edited By: Jenn Walker
Copyright Protected: 2003-2013 Conjecture Corporation


Lightweight Directory Access Protocol (LDAP) is a method of organizing data for use with databases that follow LDAP standards. This is an open standard, so any organization is able to use the structures without paying a licensing fee. An LDAP directory is optimized for reading over writing, making it a great choice for long-term storage, but not for active databases. The free license and read-centric nature of the Lightweight Directory Access Protocol has caused it to become a popular way of organizing information in data warehouses.

The most confusing aspect of LDAP is what the protocol is exactly. The Lightweight Directory Access Protocol is a method of organizing and storing data. An LDAP database is a database that stores information according to the protocol. This point becomes very muddy as terminologies merge.

The Lightweight Directory Access Protocol is both open standard and cross platform. This means that any user on any system is able to easily use and manipulate LDAP databases. It also easily handles virtual database systems, allowing several databases to act like a single entity on the client side. Lastly, it incorporates Internet Protocols directly into its specification, making accessing it over an Internet connection nearly painless.

Since LDAP has a lot going for it, the protocol has become very popular as a means of storing information over a wide network. Many modern database designs have the ability to access LDAP databases, even though they do not directly use the Lightweight Directory Access Protocol. This has extended the protocol's popularity, as nearly every major database now has LDAP built in or available through a plug-in.

The way a Lightweight Directory Access Protocol database accesses and stores information has a large impact on how it is used. The protocol emphasizes reading data from the database over writing in new information. This makes adding information much slower than taking it out. Fast applications, such as bank records or online ordering, would find the methods too slow. Storage or records systems, such as inventory or tax information, work very well.

The LDAP specifies a hierarchical organization for data. This is a method that is very familiar to most people and makes sorting through LDAP databases more straightforward than other systems. This organization method is often merged with Web addresses, making accessing top-level database information available through a Web browser.

It is easy to think of these levels like the folders on a computer. The top level is the focus of the database, generally the name of a company or organization. Under that are sections for departments or projects within the organization. Under each of those headings are subsections within that area. On a computer, this is like a folder within a folder, each providing more specific information. Eventually, the folder, or database, will contain all of the information related to that specific topic.
