Wednesday, April 29, 2009

PeopleSoft and LDAP integration: how it works

There are 3 scenarios in which LDAP may be used with PeopleSoft:

Delivered external authentication:

In this instance the customer chooses an attribute in the user object that will contain the PeopleSoft user ID. The login process is configured to access the LDAP server using the credentials entered in the challenge screen. Signon PeopleCode connects to the LDAP server, retrieves the user object whose search attribute matches the value the user entered as the "UserID", extracts the DN from that object and attempts to BIND as that DN using the entered password. If this sequence succeeds, Signon PeopleCode reads the value of the attribute configured to store the PeopleSoft user ID (usually "uid") and calls SetAuthenticationResult to cache the user profile and log the user into a PeopleSoft session.

Default or Dynamic Role creation:

This is an extension of the authentication functionality above. If the user successfully authenticates against LDAP but has no entry in PSOPRDEFN, and a default Role has been configured, the entry is created in PSOPRDEFN and the user is logged in with that default Role. This default Role is usually the Self Service Role, so, for instance, the customer's PeopleSoft administrators do not have to create an account for every employee.

With Dynamic Roles, a user account can be created or modified using attribute values from the user object, queries against the PeopleSoft instance, or other custom logic.
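The search-then-bind sequence from the external authentication section and the default Role creation described here, as an added Python simulation (not delivered Signon PeopleCode): the in-memory directory, its DNs and passwords, and the psoprdefn dict are constructed stand-ins, and the function names are assumptions.

```python
from dataclasses import dataclass

# Constructed in-memory stand-in for the LDAP v3 server (DN -> attributes).
# Plaintext passwords exist only so the bind check can run offline.
DIRECTORY = {
    "cn=Alice Adams,ou=people,dc=example,dc=com": {"uid": "aadams", "userPassword": "s3cret"},
    "cn=Carol Chen,ou=people,dc=example,dc=com": {"uid": "cchen", "userPassword": "pw-carol"},
    "cn=Bob Brown,ou=people,dc=example,dc=com": {"uid": "bbrown", "userPassword": "hunter2"},
    "cn=Bob Brown (contractor),ou=people,dc=example,dc=com": {"uid": "bbrown", "userPassword": "other"},  # duplicate uid on purpose
}

def ldap_search(attr, value):
    """Subtree search for (attr=value); returns the matching DNs."""
    return [dn for dn, attrs in DIRECTORY.items() if attrs.get(attr) == value]

def ldap_bind(dn, password):
    """Simple bind as dn. A DN with an empty password is an unauthenticated
    bind (RFC 4513) that some servers accept, so it is rejected outright."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password

@dataclass
class SignonResult:
    authenticated: bool
    oprid: str = ""
    role_created: bool = False
    reason: str = ""

def ldap_signon(entered_user, password, psoprdefn, default_role,
                search_attr="uid", oprid_attr="uid"):
    """Search for the entered ID, bind as the DN found, read the attribute holding
    the PeopleSoft user ID, then add a PSOPRDEFN row with the default Role if needed."""
    matches = ldap_search(search_attr, entered_user)
    if len(matches) != 1:            # no entry, or an ambiguous one: fail closed
        return SignonResult(False, reason=f"{len(matches)} directory matches")
    dn = matches[0]
    if not ldap_bind(dn, password):
        return SignonResult(False, reason="bind failed")
    oprid = DIRECTORY[dn][oprid_attr]
    created = False
    if oprid not in psoprdefn:
        if default_role is None:
            return SignonResult(False, reason="no PSOPRDEFN entry, no default Role")
        psoprdefn[oprid] = {"roles": [default_role]}   # default Role creation
        created = True
    # Signon PeopleCode would call SetAuthenticationResult(True, oprid) here.
    return SignonResult(True, oprid, created)
```

The duplicate "bbrown" entries show why the search must yield exactly one object before binding: an ambiguous match is treated as a failed signon rather than picking the first hit.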

PeopleSoft Directory Interface (PDI):

This is a licensable option with HCM, developed and supported as an Enterprise Component.
With this option, the LDAP schema is modified with PeopleSoft-specific object classes and attributes to create a structure in LDAP that reflects the organizational structure defined in HCM. Messages are generated from Workforce Management events to modify the LDAP structure so that it reflects changes in the workforce.

LDAP authentication and Role management are described in the Security Administration PeopleBook, http://www.oracle.com/applications/peoplesoft/tools_tech/ent/ptools/peoplebook-security-administration.pdf, which is part of the PeopleTools suite. PDI is described in the Enterprise Components PeopleBook, http://download.oracle.com/docs/cd/B40039_02/psft/acrobat/hrcs9ecq-b1206.pdf, which is part of the HCM suite.

PeopleSoft supports LDAP v3, and delivers 4 pre-built configurations:
- Oracle Internet Directory
- Sun Java System Directory Server
- Novell eDirectory
- Microsoft Active Directory
There is also a custom option that allows any other directory configuration to be defined.