An LDAP directory server is a third-party product that maintains information about users and groups. Documentum Content Servers use LDAP directory servers for two purposes:
- Manage users and groups from a central location.
- Authenticate users.
Using an LDAP server provides a single place for making additions and changes to users and groups. Content Server runs a synchronization job to automatically propagate the changes from the directory server to all the repositories using the directory server.
The LDAP support provided by Content Server allows user and group repository properties to be mapped to LDAP user and group attributes or to a constant value. When the user or group is imported into the repository or updated from the directory server, the repository properties are set to the values of the LDAP attributes or the constant. The mappings are defined when Content Server creates the LDAP configuration. The mappings can be modified later.
Using an LDAP directory server includes the following constraints:
- The changePassword method is not supported for users managed through an LDAP directory server.
- Dynamic groups are supported only on Sun Java System directory servers.
- The LDAP synchronization job must have at least read access to a unique identifier on the directory server, as follows:
  - nsuniqueid on SunDirectory processor
  - objectguid on Active Directory Server
  - ibm-entryuuid on IBM
  - guid on Novell
  - orclguid on Oracle

  Apart from the unique identifiers, the synchronization job should also have read access on the directory server to all the attributes that have been mapped in the LDAP configuration object.
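The read-access constraint above can be checked by running a search as the synchronization account, requesting the required attributes by name, and confirming that each one comes back. The following is an added example, not Documentum code: the function names, the directory labels, the mapped attributes (sAMAccountName, mail, displayName) and the LDIF sample are assumptions constructed for illustration.

```python
import re

# Unique-identifier attribute per directory, as listed on this page.
# The dictionary keys are hypothetical labels chosen for this example.
UNIQUE_ID_ATTR = {
    "sun": "nsuniqueid", "active_directory": "objectguid",
    "ibm": "ibm-entryuuid", "novell": "guid", "oracle": "orclguid",
}

# Constructed sample: ldapsearch-style LDIF as returned to the sync account.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
objectGUID:: 3q2+796tvu/erb7v3q2+7w==
sAMAccountName: alice
mail: alice@example.test
displayName: Alice
 Example

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
mail: bob@example.test
"""

def parse_ldif(text):
    """Return [(dn, set of lower-cased attribute names)] for each entry."""
    text = re.sub(r"\r?\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):
        dn, attrs = None, set()
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            # LDAP attribute names are case-insensitive; drop ";binary" options.
            name = name.split(";")[0].strip().lower()
            if name == "dn":
                dn = value.lstrip(":").strip()
            else:
                attrs.add(name)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def missing_read_access(ldif_text, directory, mapped_attrs):
    """Map each DN to the required attributes absent from the search result.
    Absence means unreadable or unset, so confirm mapped attributes by hand."""
    required = {UNIQUE_ID_ATTR[directory]} | {a.lower() for a in mapped_attrs}
    found = {dn: sorted(required - attrs) for dn, attrs in parse_ldif(ldif_text)}
    return {dn: miss for dn, miss in found.items() if miss}
```

An empty result means every entry exposed its unique identifier and all mapped attributes to the account that ran the search.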
For information about certified LDAP servers, refer to the Content Server Release Notes for your Content Server version.