LDAP security plug-in

The LDAP security plug-in (secLDAP.dll) allows you to map user accounts and groups from your LDAP directory server to Crystal Enterprise; it also enables the system to verify all logon requests that specify LDAP Authentication. Users are authenticated against the LDAP directory server before the APS grants them an active Crystal Enterprise session. User lists and group memberships are dynamically maintained by Crystal Enterprise.

LDAP authentication for Crystal Enterprise is similar to NT authentication in that you can map groups and set up authentication, authorization, and alias creation. In addition, you can do the following:

• Implement LDAP authentication when Crystal Enterprise is running on Windows or on UNIX.
• Assign LDAP aliases to existing users if the user names match the Enterprise user names.
• Create new Enterprise accounts for existing LDAP users.
• Map users and groups to the LDAP directory service (either manually or automatically).
• Specify multiple host names and their ports.

For information on mapping your LDAP users and groups to Crystal Enterprise, see Managing LDAP accounts.

Once you have mapped your LDAP users and groups, all of the Crystal Enterprise client tools support LDAP authentication, except for the Crystal Import Wizard. You can also create your own applications that support LDAP authentication. For more information, see the Crystal Enterprise Web Developer's Guide.

More about LDAP

Lightweight Directory Access Protocol (LDAP), a common, application-independent directory, enables users to share information among various applications. Based on an open standard, LDAP provides a means for accessing and updating information in a directory.

LDAP is based on the X.500 standard, which uses a directory access protocol (DAP) to communicate between a directory client and a directory server. LDAP is an alternative to DAP because it uses fewer resources and simplifies and omits some X.500 operations and features.

The directory structure within LDAP has entries arranged in a specific schema. Each entry is identified by its corresponding distinguished name (DN) or common name (CN). Other common attributes include the organizational unit name (OU), and the organization name (O). For example, a member group may be located in a directory tree as follows: cn=Crystal Enterprise Users, ou=Enterprise Users A, o=Research. Refer to your LDAP documentation for more information.

Because LDAP is application-independent, any client with the proper authorization can access its directories. LDAP offers you the ability to set up users to log on to Crystal Enterprise through LDAP authentication. It also enables users to be authorized when attempting to access objects in Crystal Enterprise. As long as you have an LDAP server (or servers) running, and use LDAP in your existing networked computer systems, you can use LDAP authentication (along with Enterprise and NT authentication).