MicroStrategy ONE

LDAP Information Flow

The following scenario presents a high-level overview of the general flow of information between Intelligence Server and an LDAP server when an LDAP user logs in to Developer or MicroStrategy Web.

LDAP User Login Information Flow

  1. When an LDAP user logs in to MicroStrategy Web or Developer, Intelligence Server connects to the LDAP server using the credentials for the LDAP administrative user, called an authentication user.
  2. The authentication user is bound to LDAP using a Distinguished Name (DN) and password set up in the user's configuration.
  3. The authentication user searches the LDAP directory for the user who is logging in via Developer or MicroStrategy Web, based on the DN of the user logging in.
  4. If this search successfully locates the user who is logging in, the user's LDAP group information is retrieved.
  5. Intelligence Server then searches the MicroStrategy metadata to determine whether the DN of the user logging in is linked to an existing MicroStrategy user or not.
  6. If a linked user is not found in the metadata, Intelligence Server refers to the import and synchronization options that are configured. If importing is enabled, Intelligence Server updates the metadata with the user and group information it accessed in the LDAP directory.
  7. The user who is logging in is given access to MicroStrategy, with appropriate privileges and permissions.

LDAP Anonymous Login Information Flow

When an LDAP anonymous user (empty password) logs in to MicroStrategy Web or Developer, Intelligence Server checks whether the LDAP anonymous bind to the LDAP server is successful. When this succeeds, Intelligence Server authorizes the LDAP anonymous login using the LDAP Users and Everyone groups. The privileges and permissions of the LDAP Users and Everyone groups are applied.
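
The two flows above can be traced with a small in-memory model. This is an added example, not MicroStrategy code: the directory contents, DNs, passwords, the function names `ldap_bind` and `login`, and the `allow_anonymous` / `import_enabled` switches are all constructed for illustration, and the user-password check is an assumption because the page does not describe that step.

```python
# Added illustration: in-memory model of the two login flows. Not MicroStrategy code.
# All DNs, passwords and groups below are constructed sample data.
DIRECTORY = {  # DN -> (password, LDAP groups)
    "cn=svc-mstr,ou=svc,dc=example,dc=com": ("svc-secret", []),
    "cn=alice,ou=people,dc=example,dc=com": ("alice-pw", ["Analysts"]),
}
AUTH_USER = ("cn=svc-mstr,ou=svc,dc=example,dc=com", "svc-secret")


def ldap_bind(dn, password, allow_anonymous):
    """Stub simple bind: an empty password is treated as an anonymous bind."""
    if password == "":
        return allow_anonymous
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[0] == password


def login(dn, password, metadata, allow_anonymous=True, import_enabled=True):
    """Return (identity, groups) on success, or None when the login is refused."""
    if password == "":
        # Anonymous flow: only the anonymous bind result is checked, then the
        # session is authorized through the two built-in groups.
        if not ldap_bind("", "", allow_anonymous):
            return None
        return ("anonymous", ["LDAP Users", "Everyone"])
    # Steps 1-2: bind as the authentication user.
    if not ldap_bind(*AUTH_USER, allow_anonymous):
        return None
    # Steps 3-4: search for the DN and retrieve its group information.
    entry = DIRECTORY.get(dn)
    if entry is None:
        return None
    # Assumption: the password is verified by binding as the user; the page
    # does not describe this step.
    if not ldap_bind(dn, password, allow_anonymous):
        return None
    groups = list(entry[1])
    # Steps 5-6: look for a linked user in metadata; import when enabled.
    # (What happens when importing is off is not covered by the page, so this
    # sketch only skips the metadata write.)
    if dn not in metadata and import_enabled:
        metadata[dn] = groups
    # Step 7: access is granted.
    return (dn, groups)
```

In this model an empty password succeeds for any supplied DN whenever the directory accepts anonymous binds, so the privileges held by the LDAP Users and Everyone groups are what that path exposes. Passing `allow_anonymous=False` shows the same login being refused.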