Administering LDAP Sync
LDAP Sync is the key tool for synchronizing users from LDAP (Lightweight Directory Access Protocol) / Microsoft Active Directory (AD) to the user base of the ONE Automation platform, i.e., Automation Engine (AE) and CA Automic Release Automation (ARA).
This guide is intended for administrators and managers who wish to use LDAP Sync to synchronize their LDAP directory with the Automic ONE Automation Platform user base.
When your organization already stores users and user groups in a corporate directory on an LDAP server, you may wish to authenticate ONE Automation users via the LDAP service.
You can link the ONE Automation platform to an LDAP directory for authentication and for user and user group management.
How does AE Authentication via LDAP work?
AE supports authentication via LDAP for existing users in the ONE Automation platform. For this to work, three preconditions must be fulfilled:
- The LDAP connection must be configured in the AE
- A so-called User object must exist in the AE for the user who wants to log in
- The User object is assigned to an AE user group
How does User Synchronization via LDAP Sync work?
To keep user objects up to date, you can use LDAP Sync instead of managing user objects manually. LDAP Sync keeps the AE users, including their assignments to AE user groups, synchronized with the users in the LDAP directory.
For managing users and user groups, LDAP Sync supports one basic and one extended use case:
- Basic use case: user synchronization from LDAP directory to AE
LDAP Sync updates or creates a user in AE based on user entries in the LDAP directory. It automatically adds a user if a new LDAP user gets added into a synchronized group.
LDAP Sync updates the user group assignments of the AE user if the LDAP user group exists in AE. New user objects in AE will be stored in the No Folder AE folder.
LDAP Sync will remove a user group assignment from the AE user if no corresponding LDAP user exists or the LDAP user group does not exist in AE.
LDAP Sync does not delete AE User objects.
AE user groups are administered in AE manually (see also: AE Administration Guide).
- Extended use case: user synchronization from LDAP directory to AE and ARA
In addition to synchronization to AE, LDAP Sync also manages ARA User entities.
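The following added example (not Automic code and not part of the original guide) models the basic use case rules together with the User object and user group preconditions for LDAP login, so the effect of one sync run on access can be checked. All names and sample data are constructed, and it assumes that a user's assignments end up as the LDAP groups that also exist in AE and that the LDAP connection is already configured.

```python
# Added illustration: a model of the basic-use-case rules, not Automic code.
# All names and the sample data below are constructed for this example.

NO_FOLDER = "No Folder"  # folder the page names for newly created User objects


def sync(ldap_users, ae_users, ae_groups):
    """Apply the stated rules once and return (ae_users_after, leftovers).

    ldap_users: {user name: set of LDAP group names}
    ae_users:   {user name: {"folder": str, "groups": set of AE group names}}
    ae_groups:  set of group names that exist in AE (administered manually)
    leftovers:  AE User objects without an LDAP user; kept, never deleted
    """
    after = {name: {"folder": u["folder"], "groups": set(u["groups"])}
             for name, u in ae_users.items()}
    for name, ldap_groups in ldap_users.items():
        # Update the existing User object or create it in "No Folder".
        user = after.setdefault(name, {"folder": NO_FOLDER, "groups": set()})
        # Assumption: assignments mirror LDAP, limited to groups present in AE.
        user["groups"] = set(ldap_groups) & set(ae_groups)
    leftovers = sorted(n for n in after if n not in ldap_users)
    for name in leftovers:
        # No corresponding LDAP user: drop assignments, keep the object.
        after[name]["groups"] = set()
    return after, leftovers


def can_authenticate(name, ae_users):
    """User object and group preconditions for LDAP login (connection assumed)."""
    user = ae_users.get(name)
    return user is not None and bool(user["groups"])


# Constructed sample data.
LDAP = {"alice": {"ops", "dba"}, "carol": {"ops", "hr"}}
AE = {"alice": {"folder": "USERS", "groups": {"ops"}},
      "bob": {"folder": "USERS", "groups": {"ops", "dba"}}}
AE_GROUPS = {"ops", "dba"}

if __name__ == "__main__":
    state, leftovers = sync(LDAP, AE, AE_GROUPS)
    for name in sorted(state):
        print(name, state[name]["folder"], sorted(state[name]["groups"]),
              "login ok" if can_authenticate(name, state) else "login blocked")
    print("User objects left without an LDAP user:", leftovers)
```

The leftovers list is the set of User objects that LDAP Sync leaves in place without group assignments, which is the list to review when cleaning up accounts manually.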
Overview Architecture LDAP Sync Integration
The following diagram illustrates the relationships between the LDAP Sync component and related components like LDAP, AE or ARA.