Integrating with LDAP and Third-Party Authentication Tools

You can integrate the 3DEXPERIENCE Platform with Lightweight Directory Access Protocol (LDAP) services.

You can use an LDAP service, such as OpenLDAP or Netscape Directory Server, as a repository to store information about users. The integration uses a toolkit from openldap.org (http://www.openldap.org/) for the underlying access protocols and is compliant with LDAPv3. It lets you authenticate users against the users defined in the LDAP database and specify which user information to retrieve from the LDAP service, including address, comment, email, fax, full name, groups, password, phone, and roles.

The 3DEXPERIENCE Platform also lets you authenticate users (persons, groups, or roles) with an external authentication tool instead of authenticating through Live Collaboration. The 3DEXPERIENCE Platform provides Single Sign-on when external authentication is used. This means that when a user who has already been authenticated externally attempts to access Live Collaboration (by logging into a Business Process app), 3DSpace allows the user access and does not present a separate login dialog.

The following limitations related to LDAP integration and/or external authentication apply:

  • MatrixServletCORBA does not support external authentication.
  • External authentication using LDAP integration is not supported for loosely-coupled databases.
  • LDAP integration is not supported on SGI IRIX or Compaq Tru64 operating systems.
  • The integration works with LDAP version 2 servers, but version 3 features, such as TLS/SSL, will not work when running on a version 2 server. It is recommended that you use version 3 servers.
  • LDAP user names and passwords can contain special characters, but do not use the following: " , ' * (that is, double quote, comma, single quote, asterisk), since they are used within 3DSpace as delimiters. The local operating system of the LDAP directory may have further character restrictions.
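
A pre-flight check for the last two limitations, as an added example (not code from the product or its vendor): it reads a rootDSE dump and an LDIF export of user entries and reports whether the server advertises LDAPv3 and StartTLS, and which user names contain the delimiter characters. The `uid` naming attribute, the function names, and all sample data are assumptions constructed for illustration.

```python
import base64

FORBIDDEN = set("\",'*")  # the delimiters the page lists: " , ' *
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased_attr: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():                # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):      # skip LDIF comments
            attr, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):        # "attr:: <base64>" encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def server_capabilities(root_dse_ldif):
    """Report what a rootDSE dump advertises: LDAPv3 support and StartTLS."""
    dse = (parse_ldif(root_dse_ldif) or [{}])[0]
    return {"ldapv3": "3" in dse.get("supportedldapversion", []),
            "starttls": STARTTLS_OID in dse.get("supportedextension", [])}

def names_with_delimiters(users_ldif, name_attr="uid"):
    """Return (dn, name, bad_chars) per offending user name; 'uid' is an assumed attribute."""
    hits = []
    for entry in parse_ldif(users_ldif):
        for name in entry.get(name_attr.lower(), []):
            bad = sorted(FORBIDDEN & set(name))
            if bad:
                hits.append((entry.get("dn", ["?"])[0], name, bad))
    return hits

# Constructed sample data, not taken from a real directory.
ROOT_DSE_V2 = "dn:\nsupportedLDAPVersion: 2\n"
ROOT_DSE_V3 = "dn:\nsupportedLDAPVersion: 3\nsupportedExtension: 1.3.6.1.4.1.1466.20037\n"
USERS = ("dn: uid=jdoe,ou=people,dc=example,dc=com\nuid: jdoe\n\n"
         "dn: uid=o'brien,ou=people,dc=example,dc=com\nuid: o'brien\n\n"
         "dn: uid=ops*admin,ou=people,dc=example,dc=com\nuid:: b3BzKmFkbWlu\n")
```

The rootDSE input is what a base-scope search on the empty DN returns, for example `ldapsearch -x -H ldap://<host> -s base -b "" supportedLDAPVersion supportedExtension`. Passwords cannot be checked from an export, so the same character rule has to be enforced where passwords are set.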