You are here: Integrating With CPQ Cloud > Integration Guides > Setting Up LDAP

Setting Up LDAP


LDAP (Lightweight Directory Access Protocol) is used to look up encryption certificates, pointers to printers and other services on a network, and provide "single sign-on" where one password for a user is shared between many services. LDAP is appropriate for any kind of directory-like information where fast look-ups and less frequent updates are the norm. LDAP also defines permissions set by the FullAccess users to allow only certain people to access the LDAP database and optionally, keep certain data private.

CPQ Cloud supports integration with any supplier’s LDAP for authentication.

ClosedHow does it work?

  1. The user logs in.
  2. CPQ Cloud sends authenticated query to LDAP.
  3. LDAP confirms the authentication from CPQ Cloud and logs the user in.


ClosedSetting Up LDAP

  1. Synch required information.

    What? Criteria Description
    Connectivity Information for the Supplier's LDAP ldap_initial_ctx_factory  
      ldap_provider_url URL of the LDAP server. Should follow the format of "ldap://DNS of LDAP: Port Number" OR "ldap://IP Address:Port Number". Either the DNS or IP Address can be used, but the Port Number must be included.
      ldap_binddn_username Username for the LDAP server. User must have access to the entire directory that will be searched.
      ldap_binddn_password Password for the above LDAP server.
    OU Organizational Unit  
    Search Criteria in LDAP Tree ldap_search_scope Details of the depth of the search in the LDAP tree structure for Organizational Unit. Can be either 0 (base-level), 1 (first level children under the base) or 2 (Entire subtree underneath the base).
      ldap_leaf_nodename Filter criteria. For Microsoft AD, this must be objectClass. For other servers, this can list the filter criteria.
    Additional Information ldap_passwrd_encyrption Encryption type for passwords being sent for authentication. Common is MD5.
      ldap_login_synch Setting to turn on LDAP-BMI data synch for every time a user logs in. true = BMI data is updated with LDAP info every time a user logs in. false = No sync or login. Sync must be manual, within BMI. Recommended by CPQ Cloud.
    Connectivity information provided by CPQ Cloud LDAP field mapping to BMI database column  
      LDAP field value format mapping to BMI database compatible value  
      LDAP field priority marker over BMI field, for updating the BMI DB record  
      LDAP field priority marker over BMI field, for updating the BMI DB record  
      Default value for each field in BMI database  
    1. The connectivity information will be used to connect to the supplier's LDAP. The search criterion will help in retrieving the appropriate limited set of users as there can potentially be many users in a company's LDAP. If a given LDAP field has its priority marked, then the LDAP value for that field takes priority over value in the BMI user record.
  2. Sample LDAP Properties Text

    ########### LDAP Properties ############










ClosedLDAP Information

The synch-up information between LDAP and CPQ Cloud is available in the form of an XML Document.

ClosedPre-conditions for LDAP user login

ClosedLDAP User Search Page

ClosedMap LDAP user to BMI user - available options

ClosedLDAP Schema Manipulation

The FullAccess user will be able to view or update the LDAP schema. The “Display Sample LDAP Schema” and “Display LDAP Schema” options as shown below on the search inputs page. The admin will also be able to upload a new schema from here. Once the new schema is uploaded, the impact is immediate; that is, any subsequent synch operations will pick up the new schema. The sample schema that is currently in effect can be viewed using the display link besides the upload button.

ClosedLDAP Maintenance and Troubleshooting

ClosedEditing the Synch-Up Schema

ClosedLDAP Mapping Settings and User List Page

ClosedSynch-Up Single User on Users List Page

Synch-up is available only for an existing LDAP user in BMI database.

When the admin does a synch-up on a given user, only the non-priority marked fields will be taken from the UI input. The rest is picked up from LDAP profile information. This implies that the priority marked fields should be grayed out on the user details page. The synch button will be shown only for an LDAP user.



Related Topics Link IconSee Also