Symantec Access Management

  • 1.  LDAP as a user store for Strong Authentication

    Posted Oct 02, 2017 11:37 AM

    Can a user be created in LDAP using CA Strong Authentication UDS (User Data Service) during enrollment?

    (createUser operation of ArcotUserRegistrySvc service)

    The documentation has details of how to map 'existing' users of LDAP but does not specify whether new users can be created directly in LDAP (not in RDBMS). I would like to use LDAP as a user store, and users currently do not exist in LDAP.

    In short, my preference here is to use LDAP as a user store, not RDBMS.

     

    Thanks



  • 2.  Re: LDAP as a user store for Strong Authentication
    Best Answer

    Broadcom Employee
    Posted Oct 03, 2017 06:01 PM

    Hi, the Advanced Authentication product only has READ rights on the user directory. We cannot write anything, which means we cannot create a user or write anything else in the LDAP user store.

     

    Thanks

    Awijit 



  • 3.  Re: LDAP as a user store for Strong Authentication

    Posted Oct 04, 2017 02:53 AM

    Hi Awijit

     

    Thanks. I have read further in the CA Advanced Authentication 9.0 documentation, and it has the following details for enrollment. Does it not mean a user can be created in LDAP?

     

    "Enrollment is the process of creating a user and creating credentials for that user. Users can reside in the CA Strong Authentication database or in a directory like Microsoft Active Directory or SunOne Directory. When using a directory service, do not create users in CA Strong Authentication. Map user attributes to CA Strong Authentication database attributes."

     

    Does Advanced Authentication create its own user store apart from the primary user store?



  • 4.  Re: LDAP as a user store for Strong Authentication

    Posted Oct 04, 2017 10:51 AM

    Hi,

     

    Enrollment is the process of creating a user and creating credentials for that user.

    But when you are using an LDAP directory, you just need to map the LDAP attributes to the ArcotDB attributes. During authentication, it will check for the mapped attributes and fetch the data from LDAP, but it won't write anything to LDAP.

     

    Does Advanced Authentication create its own user store apart from the primary user store?

    It won't create the entire user store, but it will store the username data for reference.

     

    Thanks,
    Sharan



  • 5.  Re: LDAP as a user store for Strong Authentication

    Broadcom Employee
    Posted Oct 18, 2017 12:06 PM

    Hi,

    In order to start enrollment from scratch, is there a way to delete this reference from the arcot user db?

    Thx