EPX allows Administrators to manage users through an organization’s existing centralized user management capabilities, using LDAP. EPX can import users from an LDAP service and authenticate them against that service. Once the users are imported from the LDAP server, the user data stored locally in the EPX database is automatically kept in sync with the LDAP user population. To achieve this, EPX keeps an open connection with the LDAP service, using an anonymous user account, so that it is notified when user information is modified. Administrators have the option of performing periodic synchronizations or an automatic synchronization, or of disabling synchronization completely. Administrators also have the option of using a predefined LDAP application account, instead of an anonymous account, for import and synchronization of user data.
If a directory server is available on your network with entries already configured for the users you intend to add to EPX, you can set up the EPX Application Server to connect to the LDAP server, allowing you to import the user details to EPX and automatically create users.
You are not allowed to modify the user details or the password of a user imported from LDAP, nor can you import a user who has already been added. However, if a user makes updates or deletions in the LDAP server, these changes are reflected in EPX.
To enable the LDAP mode for EPX:
Go to the <EPX>\bin directory and open the config.properties file.
Find the LDAP Provider configuration settings. There are two LDAP Provider options in this release: Microsoft Active Directory and Sun Directory Server. Set the directory.provider property to directory.provider=0 if you are using Microsoft Active Directory or set it to directory.provider=1 if you are using the Sun Directory Server.
Open your EPX Design Console. In the Navigator pane, right-click the name of the server that the users will be added to, and then click Open in the shortcut menu.
In the Server editor, click the LDAP tab.
Select the Enabled checkbox to enable LDAP.
Specify an LDAP Server Host, Port Number, and Search Base for connecting with the LDAP server.
Important: In order for LDAP login authentication to work, the O=Enterworks and OU=people object classes must be specified on the LDAP server to which you are connecting. For example, given that O=Enterworks and OU=people are the values set in your LDAP server, these values must be specified as the search base values for a user search to succeed.
Note: When you enable the LDAP mode, you will be able to create users from LDAP data, but you will not be able to use any other EPX administrator functions for user administration. To return to the regular EPX mode, uncheck the Enabled checkbox on the LDAP tab.
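A pre-flight check for the two settings described above, as an added example that is not part of EPX or of the original page: it verifies that directory.provider is 0 or 1 and that the search base you plan to enter on the LDAP tab contains O=Enterworks and OU=people. It assumes config.properties uses standard Java properties syntax; the function names and the sample input are hypothetical.

```python
import re

# Provider codes as documented above for directory.provider.
PROVIDERS = {"0": "Microsoft Active Directory", "1": "Sun Directory Server"}
# Components the page requires in the search base.
REQUIRED = (("o", "Enterworks"), ("ou", "people"))

def read_provider(properties_text):
    """Return the last directory.provider value in the file text, or None."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == "directory.provider":
            value = m.group(2).strip()           # a later entry overrides an earlier one
    return value

def split_dn(dn):
    """Split a DN into lowercased (attribute, value) pairs, keeping escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, val = rdn.partition("=")
        pairs.append((attr.strip().lower(), val.strip().lower()))
    return pairs

def preflight(properties_text, search_base):
    """Return a list of problems; an empty list means both settings are consistent."""
    problems = []
    provider = read_provider(properties_text)
    if provider not in PROVIDERS:
        problems.append(f"directory.provider is {provider!r}, expected 0 or 1")
    present = set(split_dn(search_base))
    for attr, val in REQUIRED:
        if (attr, val.lower()) not in present:   # compare case-insensitively
            problems.append(f"search base lacks {attr.upper()}={val}")
    return problems

# Constructed sample input, not taken from a real installation.
SAMPLE_PROPERTIES = """# LDAP Provider (constructed sample)
directory.provider=0
"""

if __name__ == "__main__":
    for base in ("OU=people,O=Enterworks", "DC=example,DC=com"):
        print(base, "->", preflight(SAMPLE_PROPERTIES, base) or "OK")
```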