Macromedia live cycle 7.2 Manual
Adobe LiveCycle
Getting Started with BAM Server
Installing and Configuring LiveCycle for JBoss
Configuring LDAP settings for BAM Server
In addition to manually creating users and user permissions, Business Activity Monitor lets you import
user information from supported LDAP providers. You can schedule automatic synchronizations or
perform manual synchronizations with the LDAP server to automatically update the existing users and
roles.
When synchronizing with the LDAP server, the user base DN, login identification and password, full name,
description, and email address properties are cached in the BAM metadata database.
When BAM Server imports users from the LDAP server, LDAP groups are converted to Business Activity
Monitor roles. Users are assigned roles according to the group they belong to in LDAP. For more
information, see
Note: BAM Server integrates with any LDAP provider that supports the LDAP version 3 protocol.
Limitations of BAM Server LDAP connectivity
The following limitations apply to the BAM Server connectivity with the LDAP server:
● You can configure a connection to only one LDAP server.
● BAM Server creates roles based on groups that are defined on the LDAP server. When BAM Server
encounters a group for which a role is not yet created, it creates the role and assigns it a set of zero
permissions. You can later modify the permissions as required. (See .)
● If BAM Server imports a user and the user does not belong to a group to which a Business Activity
Monitor role corresponds, the user is created but remains unassigned to any roles.
● You cannot change the role that a user is assigned to if the user is imported from the LDAP server. Role
assignments for imported users can be accomplished by making changes to the LDAP server. However,
you can assign manually-created users to roles that are created based on LDAP groups.
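A pre-synchronization preview of the mapping these limitations describe, as an added example that is not from the manual or from BAM Server itself: it reads an LDIF export and reports which roles would be newly created (and so start with zero permissions) and which imported users would end up with no role. It assumes groups are groupOfNames-style entries with a member attribute and that a role takes the group's cn; the sample directory is constructed.

```python
from collections import defaultdict

# Constructed sample export (hypothetical directory, not from the manual).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob

dn: cn=bam-analysts,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: bam-analysts
member: uid=alice,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of {attr: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry[attr.lower()].append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def preview_sync(ldif_text, existing_roles=()):
    """Return (new_roles, user_roles, users_without_roles) for a planned sync."""
    entries = parse_ldif(ldif_text)
    groups = [e for e in entries if "member" in e]
    users = [e for e in entries if "uid" in e]
    # Assumption: each group becomes a role named after the group's cn.
    new_roles = sorted({g["cn"][0] for g in groups} - set(existing_roles))
    user_roles = {u["uid"][0]: [] for u in users}
    by_dn = {u["dn"][0].lower(): u["uid"][0] for u in users}
    for g in groups:
        for member_dn in g["member"]:
            uid = by_dn.get(member_dn.lower())
            if uid:
                user_roles[uid].append(g["cn"][0])
    unassigned = sorted(u for u, r in user_roles.items() if not r)
    return new_roles, user_roles, unassigned
```

Reviewing the first and third return values before a synchronization shows which roles will need permissions assigned and which users must be added to a group on the LDAP server to receive a role.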
Best practices for BAM Server LDAP connectivity
When setting up the BAM Server connectivity with the LDAP server, it is strongly recommended that you
adhere to the following best practices:
● If the connection to the LDAP server is not secure, you should use SSL.
● For authentication, Simple Authentication and Security Layer (SASL) is the recommended method and
is well supported by LDAP.
● For security reasons, the access permissions of the LDAP synchronization user should be limited to
querying the LDAP server. For more information on the synchronization user, see .
Caution: The password for this user is stored in the BAM Server metadata using reversible symmetric
encryption. Therefore, anyone with access to the metadata can obtain this password.