Integrating LDAP into CP4I Console for user login

This blog explains how to integrate LDAP into the CP4I Console for user login.

Why LDAP?

Lightweight Directory Access Protocol (LDAP) is a protocol used to access and manage directory services such as Active Directory. It enables organizations to store, manage, and secure information about their users. It can also be used to add, delete, and modify users in the directory (for example, permissions and password changes). It gives applications an efficient way to query user login information.

Uses of LDAP:

  1. Centralized: LDAP centralizes user login management in a single accessible directory.
  2. Authentication: It is used as an authentication process to log into applications integrated within an organization.
  3. Communication: Establishes communication between applications and directory services.

Why is LDAP used to integrate into applications?

  1. Single sign-on: LDAP integration enables single sign-on features, which allow users to access multiple applications with single-user management, so the same credentials can be used.
  2. Scalability: It can handle a large number of authentication requests, making it suitable for organizations with multiple users and various applications.
  3. Security: It helps protect sensitive user data across different applications.
  4. Regulatory compliance: LDAP helps organizations meet regulatory requirements by providing a standardized way to manage user access across many applications.

List of LDAP server providers to integrate in CP4I

  1. IBM Tivoli Directory Server
  2. IBM Lotus Domino
  3. IBM SecureWay Directory Server
  4. Novell eDirectory
  5. Sun Java System Directory Server
  6. Netscape Directory Server
  7. Microsoft Active Directory
  8. Custom LDAP services

LDAP Integration into CP4I

[Diagram: user login to the Platform Navigator console integrated with LDAP. The CP4I application is deployed onto the worker nodes, while the CP4I Platform Navigator web console is routed through the load balancer (HAProxy).]

Cloud Pak for Integration (CP4I) offers integration instances such as API management (API Connect), ESB (App Connect), DataPower Gateway, IBM MQ, and Aspera under a single platform that can be deployed using the OpenShift Container Platform.

To access the services offered by CP4I, the user needs to log in to the Cloud Pak console, which gives access to all integration instances.

Two users are present in CP4I once the operator is deployed:

  1. Kubeadmin user (OpenShift cluster admin user)
  2. Default admin user (provided by IBM)

Because organizations have regulatory compliance requirements, not all members are given privileges to log in as the admin users, which is where LDAP comes in.

LDAP can be integrated, and permissions can be set for users accordingly to access the CP4I console.

Roles provided in CP4I to assign users

  1. Automation Administrator: It has permissions that include installing and uninstalling instances and administering the CP4I console, which is equal to the default admin user provided by IBM.
  2. Automation analyst: It has permission to access a limited set of integration instances in the CP4I Console.
  3. Automation developer: It has permission to access a limited set of integration instances in the CP4I Console, the same as the Automation analyst.
  4. Automation operator: It has permission to access a limited set of integration instances in the CP4I Console, the same as the Automation analyst and Automation developer.