EPX can import users from an LDAP service and subsequently authenticate them against this service. Once the users are imported from the LDAP service, the user data maintained in the EPX relational database schema is automatically kept in sync with the LDAP user population. If an organization already has centralized user management through LDAP, EPX should be able to use this existing user information.
EPX runs in one of two modes: 1) normal mode, where all information is administered via the EPX administrator application, or 2) LDAP mode, where all user information is maintained using an LDAP server. EPX also supports the ability to query LDAP for specific user records, as well as to selectively import user data from LDAP.
When EPX is in LDAP mode, a change to the LDAP data does not require a separate change to the data by the administrator. No explicit action is needed for the new information to become available to EPX servers that are running with that LDAP source. Also, any changes to the LDAP repository go into effect just as changes to the EPX repository do when running in normal mode.
Note: When EPX is running in LDAP mode, a system administrator cannot directly modify user information in the data repository.
To add users from LDAP:
In the Navigator pane, right-click the name of the server that the users will be added to, and then click Open in the shortcut menu.
In the Server editor, click the LDAP tab.
Select the Enabled checkbox to enable LDAP, and then type the necessary server, port and search base information.
Click OK to close the Server editor and save the changes.
In the Navigator pane, right-click the Users folder, and then click New... in the shortcut menu.
In the LDAP Search dialog, type in a search parameter if needed by clicking on the Search button, then click on Enter to return a list of users. See the “Attributes Supported by LDAP Implementation” table in the following section for a list of attributes that can be used as search parameters.
To create EPX user accounts for any or all of the LDAP users returned, highlight those users’ LDAP names, and then click Create. The new user names are entered into the Users folder.
Note: Other than the system account, any EPX user accounts defined prior to enabling LDAP will not be accessible.