LDAP Federation Overview
You can create users from a Lightweight Directory Access Protocol (LDAP) federation. EnOS supports synchronizing users from an LDAP directory into the EnOS user account system and granting permissions to these LDAP users.
While EnOS allows you to manage LDAP connections, the following facts and rules apply to LDAP connections in EnOS:
One organization can connect to one or more LDAP servers. Each LDAP connection can be configured with multiple base DN accounts.
Multiple organizations can connect to the same LDAP server.
Make sure that the user information is consistent between EnOS IAM and the LDAP server. If user information is changed on the LDAP server, you can manually synchronize the changes to EnOS. Each time a user logs in, EnOS checks the account status on the LDAP server.
Managing LDAP users in EnOS is the same as managing internal and external users.
You can group LDAP users and grant permissions to LDAP users. Authorized LDAP users can log in to the EnOS Management Console with the appropriate permissions.
You can enable and disable the login of LDAP users for an organization.
Key Concepts
LDAP connection: The connection between the LDAP server and EnOS. An LDAP connection contains the configuration information of the LDAP server.
LDAP user: A user who logs in to EnOS via an account that is imported from an LDAP directory.
LDAP User Login Workflow
The following figure shows the workflow of the EnOS login method.