About LDAP Authentication

LDAP authentication enables you to validate users through a central directory via the Lightweight Directory Access Protocol (LDAP). There are several options for LDAP authentication, including:

• LDAP

  Validates users against LDAP using SBM Application Engine.

• LDAP then Internal

  Validates users against LDAP using SBM Application Engine first, and then against the internal SBM database if the user is not found in LDAP.

• SSO LDAP

  Validates users against LDAP using SSO.

  • This option provides greater performance and more security options than the Application Engine-based LDAP options. When you configure SSO LDAP, all browser authentication requests are performed against LDAP by SSO, and only Web service authentication requests that do not have a security token are performed by Application Engine.
  • If you select this option, continue the configuration on the server that hosts the Single Sign-On (SSO) component. You must configure SSO LDAP on the Single Sign-On (SSO) server in order for SBM Configurator to successfully update the SSO configuration files.
  • You cannot use the Auto Add from LDAP feature with SSO LDAP. If you plan to configure SBM to automatically add users from LDAP upon successful authentication (Auto Add from LDAP), you must use LDAP or LDAP First, then Internal for user validation.
• SSO LDAP then Internal

  Validates users against LDAP using SSO first, and then against the internal SBM database if the user is not found in LDAP.

  • If you select this option, continue the configuration on the server that hosts the Single Sign-On (SSO) component. You must configure SSO LDAP on the Single Sign-On (SSO) server in order for SBM Configurator to successfully update the SSO configuration files.
  • You cannot use the Auto Add from LDAP feature with SSO LDAP. If you plan to configure SBM to automatically add users from LDAP upon successful authentication (Auto Add from LDAP), you must use LDAP or LDAP First, then Internal for user validation.