IBM® EMM applications query the
Marketing Platform for user authorization information. When LDAP integration is implemented, users enter their valid LDAP user name and password for authentication to
IBM® EMM applications.
When integration is configured, you cannot add, modify, or delete the imported user accounts in the Marketing Platform. You must perform these management tasks on the LDAP side, and your changes will be imported when synchronization occurs. If you modify imported user accounts in the
Marketing Platform, users may encounter problems with authentication.
Any user accounts you delete on the LDAP side are not deleted from the Marketing Platform. You should disable these accounts manually in the
Marketing Platform. It is safer to disable these deleted user accounts rather than deleting them, because users have folder ownership privileges in
Campaign, and if you delete a user account that owns a folder, objects in that folder will no longer be available.
The Marketing Platform imports groups and their users from the directory server database through a periodic synchronization task that automatically retrieves information from the directory server. When the
Marketing Platform imports users and groups from the server database, group memberships are maintained.
You can assign IBM® EMM privileges by mapping an LDAP group to an
IBM® EMM group. This mapping allows any new users added to the mapped LDAP group to assume the privileges set for the corresponding
IBM® EMM group.
A subgroup in the Marketing Platform does not inherit the LDAP mappings or user memberships assigned to its parents.
If you do not want to create groups in your LDAP server that are specific to IBM® EMM products, you have the option to control the users who are imported by specifying attributes. To achieve this, you would do the following during the LDAP configuration process.
You should try to avoid this situation. However, if it occurs, the partition of the IBM® EMM group most recently mapped to an LDAP group is the one that the user belongs to. To determine which LDAP group was most recently mapped, look at the LDAP group mappings displayed in the Configuration area. They are displayed in chronological order, with the most recent mapping listed last.
IBM® EMM supports two types of user accounts and groups.
When IBM® EMM is configured to integrate with an LDAP server, users and groups are synchronized automatically at pre-defined intervals.
LDAP users with special characters in their login names may experience problems with authentication. See Referência de Janela de Usuários for a list of allowed special characters. For LDAP accounts that you plan to import into
IBM® EMM, change login names that contain special characters that are not allowed.