Strategy ONE

LDAP Information Flow

The following scenario presents a high-level overview of the general flow of information between Intelligence Server and an LDAP server when an LDAP user logs in to Developer or Strategy Web.

LDAP User Login Information Flow

  1. When an LDAP user logs in to Strategy Web or Developer, Intelligence Server connects to the LDAP server using the credentials for the LDAP administrative user, called an authentication user.
  2. The authentication user is bound to LDAP using a Distinguished Name (DN) and password set up in the user's configuration.
  3. The authentication user searches the LDAP directory for the user who is logging in via Developer or Strategy Web, based on the DN of the user logging in.
  4. If this search successfully locates the user who is logging in, the user's LDAP group information is retrieved.
  5. Intelligence Server then searches the Strategy metadata to determine whether the DN of the user logging in is linked to an existing Strategy user or not.
  6. If a linked user is not found in the metadata, Intelligence Server refers to the import and synchronization options that are configured. If importing is enabled, Intelligence Server updates the metadata with the user and group information it accessed in the LDAP directory.
  7. The user who is logging in is given access to Strategy, with appropriate privileges and permissions.

LDAP Anonymous Login Information Flow

When an LDAP anonymous user (empty password) logs in to Strategy Web or Developer, Intelligence Server checks whether the LDAP anonymous bind to the LDAP server is successful. When this succeeds, Intelligence Server authorizes the LDAP anonymous login using the LDAP Users and Everyone groups. The privileges and permissions of the LDAP Users and Everyone groups are applied.
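
The user login flow and the anonymous login flow above, written as an in-memory Python model. This is an added illustration, not Strategy code or a product API. The class and function names, DNs and passwords are constructed; checking the user's own password with a bind and the `not_linked` outcome are assumptions, because the page does not describe them.

```python
from dataclasses import dataclass, field

ANON_GROUPS = ["LDAP Users", "Everyone"]   # groups the page names for anonymous logins

@dataclass
class Directory:                  # stands in for the LDAP server
    passwords: dict               # DN -> password (authentication user included)
    groups: dict                  # user DN -> LDAP group names
    allow_anonymous: bool = False

    def bind(self, dn, password):
        if password == "":        # an empty password is an anonymous bind
            return self.allow_anonymous
        return self.passwords.get(dn) == password

@dataclass
class Metadata:                   # stands in for the Strategy metadata
    import_enabled: bool
    links: dict = field(default_factory=dict)    # user DN -> imported groups

def login(d, md, auth_dn, auth_pw, user_dn, user_pw):
    if user_pw == "":             # anonymous flow: only the anonymous bind is checked
        return ("anonymous", ANON_GROUPS) if d.bind("", "") else ("denied", [])
    if not d.bind(auth_dn, auth_pw):          # steps 1-2: authentication user binds
        return ("denied", [])
    if user_dn not in d.groups:               # step 3: search for the user's DN
        return ("denied", [])
    if not d.bind(user_dn, user_pw):          # assumption: password checked by a bind;
        return ("denied", [])                 # the page does not describe this step
    found = d.groups[user_dn]                 # step 4: group information retrieved
    if user_dn in md.links:                   # step 5: DN already linked in metadata
        return ("linked", found)
    if md.import_enabled:                     # step 6: import user and groups
        md.links[user_dn] = list(found)
        return ("imported", found)
    return ("not_linked", [])     # the page does not say what follows without import

# Constructed sample data: one authentication user and one directory user.
SVC, ANA = "cn=svc,dc=example,dc=com", "cn=ana,dc=example,dc=com"
SAMPLE = Directory(passwords={SVC: "svc-secret", ANA: "ana-secret"},
                   groups={ANA: ["Analysts"]})

if __name__ == "__main__":
    md = Metadata(import_enabled=True)
    print(login(SAMPLE, md, SVC, "svc-secret", ANA, "ana-secret"))  # first login
    print(login(SAMPLE, md, SVC, "svc-secret", ANA, "ana-secret"))  # later login
    print(login(SAMPLE, md, SVC, "svc-secret", ANA, ""))            # empty password
```

In this model an empty password never reaches the search or import steps, so whether the login succeeds depends only on the LDAP server's anonymous bind setting, and the resulting access is whatever the LDAP Users and Everyone groups allow.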