LDAP Integration

LDAP stands for Lightweight Directory Access Protocol and is used to authenticate users for access to resources.

Rhapsody LDAP integration allows Rhapsody users to be authenticated using an LDAP directory. LDAP directories, such as Microsoft Active Directory, are used to provide central management of user services and access rights. When integrated with Rhapsody access groups, a system administrator could allow or deny a user access to Rhapsody IDE or the Management Console by modifying their network profile.

The goal of LDAP integration within the Rhapsody engine is to allow users to be managed from a central directory. IT teams can allow and deny access to various Rhapsody engines using their LDAP directory and not interacting with Rhapsody.

Enabling LDAP results in Rhapsody disabling local user accounts, including Administrator. Therefore, when using LDAP authentication, any user notification actions, such as watchlists, must be associated with LDAP user accounts rather than local user accounts.

Interaction with the User Manager should be restricted to initial set-up and changes to access groups only. LDAP does not need to be configured with instances of Rhapsody. In other words, access to different servers can be controlled by group memberships such as ProductionServer_Monitoring and DevelopmentServer_Administrator.

The ldap.properties file, which contains Rhapsody's LDAP configuration properties, is created automatically after Rhapsody starts. The file is located in Rhapsody's data directory: data/users/ldap.properties. When the Rhapsody Engine starts up, if the ldap.properties file does not exist, a default ldap.properties file will be created, where LDAP will be disabled ldap=false. To use LDAP, change ldap=false to ldap=true. Refer to LDAP Properties File for details.