Import Users from Active Directory

APG is used only if you are using Central User Management in conjunction with LDAP.

You can connect to LDAP without APG but you need to setup your ARIS Business Server (conf file) and your ARIS Db via the properties tab in the admnistration module.

You should reach out to you local support team to get more information.

Regards

We use LDAP user import here and do not currently have Governance Platform. As Mr. Bergeron said it is simply a configuration option to enable this.

I'm not sure what release you are running, however when we moved from 7.02 to 7.1, we found that LDAP use was exclusive, ie. you had to solely use LDAP for all users or manually create them, not both.

The documentation / local ARIS support team will definately be able to help.

Hope this helps

Dan

Thank you so much for your responses,

Regarding the (conf file) mentioned by Mr. Nicolas i have reached to the required conf file but i still unable to to setup my configuration in this file, so i would appreciate you guidance regarding this issue.

Thanks a lot.

regards,

Hazem

Procedures for Aris Business Server and Business Publisher are quite different:

On Business Server the connection to an LDAP service is set up only in the properties of each DB (Architect > Module Administration > Select DB > properties > Authentification system). Detailed info is in Architect's online help of the relevant dialogs. The most important detail you need to enter here is a technical user account and password in the LDAP directory, that has to be provided by your LDAP service admin.

You need to have Aris system user privileges within the DB. Bear in mind what Daniel Keegan wrote: After you switch a DB to LDAP authentification, only the default Aris DB user "system" can login without authentification from LDAP service as a backdoor. Other DB users you might have maintained manually before are then invalid.

You do not need to change the Business Server's configuration files, unless you want to log requests to the LDAP service, e.g. in order to trace errors. (cf. Architect Help)

On Business Publisher Server all settings are contained (and commented) in the tag block <ldap> of the configuration file \BPServer\tomcat\webapps\businesspublisher\config\webappserver.cfg.  The technical LDAP user account must be entered in the tag <ldapdefaultaccount.../>

The LDAP service product referenced by IDS is Microsoft Active Directory (AD) for Windows Server 2003. If you cannot map the details requested by Aris or use a different LDAP service your LDAP admin has to sort it out.

Regards, Martin

Dear Mr. Martin

We are using Microsoft active directory for windows server 2008 R2, when trying to import users i dont get any connection error messages but the search result for users comes empty, as i read in ARIS help the combination between ARIS and LDAP was tested and approved only for windows server 2003, so
i wonder if this is the only problem i have, i dont know if windows server 2008 was tested for such integration.

thank you for your help.

Did you try to add a logger for LDAP requests to the Business Server's configuration? This would be required by Software AG support desk anyway in order to track down the problem. Better ask them if MS ADS 2008 is meanwhile supported.

Mr. Hazem Shuqair,

I have 7.1.0.490292 running in a Windows Server 2008 R2 environment performing LDAP authentication.  I also was receiveing the blank screen when trying to import users (even with my LDAP settings correctly entered).

I found that the userServerSettings.cfg needed to have the below setting in order for the LDAP query to successfully page (chunks of 500) the request and imort the users correctly.

<ldap pagesize="500" referral="follow" />

Regards,

Tad

Thank you Tad, you help alot!