LDAP configuration overview

Before you install Access Server and Management Console, ensure that you review the different LDAP modes that are available and determine which option is best for your environment.

Traditionally, Access Server authenticates users, stores user credentials and access data information, and acts as the centralized communicator between all replication agents and Management Console clients. In an LDAP configuration, the LDAP server manages the user credentials and authenticates users, and it can manage access data information depending on the LDAP configuration that you choose.

To configure LDAP to only authenticate and manage user credentials, you must install Access Server in LDAP Authentication Only mode. In this configuration, Access Server connects to the LDAP server and authenticates users by using an existing user search base distinguished name (DN) in the LDAP directory. You are still required to install Access Server to manage access data and the communications between replication agents and Management Console systems.

To configure LDAP to manage both user credentials and access data, you must install Access Server in LDAP Full Authentication and Authorization mode. In this configuration, the LDAP directory manages all user credentials and access data. Access Server is used only for communicating between Management Console, replication agents, and the LDAP directory.

Another option is to run Management Console or CHCCLP as a standalone product. To configure Management Console as a standalone product, you must install Management Console with the LDAP Embedded Access Server option. To configure CHCCLP as a standalone product, you must install Access Server in LDAP CHCCLP with Embedded Access Server mode. When Management Console or CHCCLP runs as a standalone product, each instance uses its own embedded Access Server to communicate with the LDAP directory, and a centralized Access Server is no longer needed. In this configuration, the LDAP directory must manage all user credentials and access data. The local embedded Access Server is used only for communicating between the local Management Console and the remote replication agents and LDAP directory. Note that you cannot connect to any standalone Access Servers while running in this mode.

The traditional method of using Access Server as the main centralized system is still available. To use this configuration, you must install Access Server in standard mode (do not enable any LDAP configuration), and you must install Management Console without the LDAP Embedded Access Server option enabled. Access Server stores all user credentials and access data and acts as the central system for communicating between the different utilities.