Considerations for Managing User Accounts via LDAP
Before using the LDAP Setup & Tools features, consider the following:
- You can use the SBM Application Administrator to import users and contacts from LDAP. You can also update resource attributes by mapping data from LDAP.
- Managed administrators can perform LDAP functions if they are granted specific privileges. To configure Auto Add settings on the General tab of the LDAP Setup & Tools dialog box, managed administrators must be granted the Alter Server Settings privilege located on the Administration – System privileges sub-tab. To access full LDAP capability, managed administrators must be granted the Global Administration and Alter Server Settings privileges.
- If LDAP fields contain sensitive data that administrators should not see, privileges can be specified in the LDAP tool to limit administrators' access to these fields.
- Contact imports only apply to the Contacts table. You cannot import from LDAP into custom auxiliary tables that store contact data.
- Administrative locks are activated on the entire Users table (meaning no other user updates or edits can take place) when an import or update is performed via LDAP. Similarly, LDAP imports and updates cannot be performed while user accounts are being added, edited, or deleted by another administrator.
- Care must be taken when you modify and delete
mapped fields in LDAP and
example, if the name of an attribute is changed in LDAP, it is no longer mapped
Also, fields that are deleted in either tool are no longer mapped.
- When you update User and
that contain data are not modified if the mapped field in LDAP is empty. For
example, if a
Contact record contains a phone number and the LDAP record
does not, the phone number for the
Contact record is retained after updating. To update
SBM with an
LDAP attribute that has no active replacement, you must set the LDAP attribute
to some non-empty value such as "none."
User Map and
Contact Map tabs enable administrators to view values for LDAP
fields. If LDAP fields contain sensitive data that administrators should not
see, privileges can be specified in the LDAP tool limiting their access to
- When you import and update user records, or when users are automatically added, uniqueness is guaranteed by the login ID and the LDAP UID. A new user is not automatically added if a user already exists with the same login ID. When you import and update Contact records, uniqueness is determined by the Equality Key specified on the
Contact Map tab. For details, refer to
Mapping LDAP Users and
- If you have added the Active/Inactive optional system field to your Contacts table, be sure that its default value is set to Active. Contact records imported from LDAP are not visible to users. Also, if your Contacts table contains required fields, set default values for these fields so that contacts imported from LDAP are guaranteed to have values.
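
The following added example (not SBM code and not part of the original documentation) models two rules from the list above so that their effect can be previewed before an import: an empty LDAP value never overwrites existing data, and no user is automatically added when the login ID already exists. The record layout, the field mapping, and the sample data are assumptions constructed for illustration.

```python
# Model of the update and auto-add rules described above.
# Not SBM code: record layout, field names and sample data are constructed.

def preview_update(record, ldap_entry, mapping):
    """Apply the 'empty LDAP value never overwrites existing data' rule.

    Returns (updated_record, retained), where retained lists the fields
    that keep their old value because the mapped LDAP attribute is empty.
    """
    updated, retained = dict(record), []
    for field, attr in mapping.items():
        value = (ldap_entry.get(attr) or "").strip()
        if value:
            updated[field] = value
        elif record.get(field):
            retained.append(field)  # old value survives the update
    return updated, retained


def preview_auto_add(existing_users, ldap_entries):
    """Split LDAP entries into logins that would be added and logins
    skipped because a user with the same login ID already exists."""
    to_add, skipped = [], []
    for entry in ldap_entries:
        current = existing_users.get(entry["login"])
        if current is None:
            to_add.append(entry["login"])
        else:
            # Same login ID: no new user is added. The flag marks a stored
            # LDAP UID that differs from the entry's, a case worth reviewing.
            skipped.append((entry["login"], current["ldap_uid"] != entry["uid"]))
    return to_add, skipped


# Constructed sample data
MAPPING = {"phone": "telephoneNumber", "email": "mail"}
CONTACT = {"phone": "555-0100", "email": "old@example.com"}
LDAP_CONTACT = {"telephoneNumber": "", "mail": "new@example.com"}
USERS = {"jdoe": {"ldap_uid": "u-1001"}}
LDAP_USERS = [{"login": "jdoe", "uid": "u-2002"},
              {"login": "asmith", "uid": "u-1002"}]

if __name__ == "__main__":
    print(preview_update(CONTACT, LDAP_CONTACT, MAPPING))
    print(preview_update(CONTACT, {"telephoneNumber": "none", "mail": ""}, MAPPING))
    print(preview_auto_add(USERS, LDAP_USERS))
```

Fields reported as retained are the ones where data removed from LDAP remains in the record after an update; setting the LDAP attribute to a non-empty value such as "none" is what replaces them.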
Copyright © 2001–2018 Serena Software, Inc., a Micro Focus company. All rights reserved.