I am working with a customer that is using CMOD multiplatform running on Linux. They are looking to enable LDAP and use single signon. I am looking for a high level description and how OnDemand uses the security tables. Is it a way to import users and groups from an AD as it is done on CM.
Hello Bill,
So you have here the configuration in the ars.cfg file for LDAP. Look at the ARS_LDAP_* configuration parameter (I am using AIX as an example).
http://publib.boulder.ibm.com/infocenter/cmod/v8r4m1/topic/com.ibm.ondemand.installingmp.doc/ars1i07177.htm#arscfgfileaix
You have also this file for some nice messages to send to the user http://publib.boulder.ibm.com/infocenter/cmod/v8r4m1/topic/com.ibm.ondemand.installingmp.doc/ars1i071130.htm#wq152
Now... there is one thing I am not sure about your question, and this is the import users and groups from an AD... What do you mean by that exactly?
LDAP in CMOD is only used for authentication and nothing else. CMOD won't use the groups/security/... from LDAP.
You have your users/passwords in LDAP and that's it.
Thr groups and permissions for Application Group/Folder/Cabinet/... are in CMOD.
At least it is so now with CMOD 8.X maybe in CMOD 9.X it will changed, I have no idea...
So what does it means for you, You can create the users in LDAP, import it in CMOD with ARSXML (create a nice XML from AD in the CMOD format, then you need to create the whole security definition in CMOD with group, etc... etc... either from the Admin Client, or with ARSXML.
What I have done for some customers, was to write an interface to their central permission software, and convert their own rights codes into XML files and load them automatically into CMOD each day.
Again, I am not sure to understand your question, and I hope my answer will give you some answer to your question.
If not, please come back with more details!
Best regards,
Alessandro