Using LDAP with HCL Compass

Overview of user authentication methods available with HCL Compass.

HCL Compass offers two methods of user authentication. You can use traditional HCL Compass authentication or use the industry standard Lightweight Directory Access Protocol (LDAP) to authenticate using an LDAP directory server. With HCL Compass authentication, a user enters a user name and password to log on, and HCL Compass verifies that they match a user name and password stored in the HCL Compass database set (schema repository).

With LDAP authentication, a user enters a user name and password in the same HCL Compass login window and HCL Compass checks an LDAP directory for a matching user record. HCL Compass supports environments where multiple LDAP configurations can be used to authenticate.

To authenticate users against the HCL Compass database set, use the User Administration Tool to enter and manage user name and password information.

To authenticate users against an LDAP-compliant directory, use the user names and passwords that are maintained in the directory. If you have configured HCL Compass to support multiple LDAP configurations, users must login by prefixing their user name with the LDAP domain name, for example, DOMAIN1\user_name. Using LDAP authentication can decrease administration and user support costs by reducing the number of passwords that users have to remember. LDAP can also improve security by enforcing the password management policies implemented in the directory.

Regardless of the type of authentication (LDAP or HCL Compass) that you use, HCL Compass performs the authorization. That is, information in the HCL Compass database is used to determine user database access and group participation. Use the HCL Compass User Administration tool to specify authorization information and to maintain user profiles.

This topic is intended for HCL Compass administrators.