Working with LDAP and Oracle directory service

Venafi Trust Protection Platform™ includes Lightweight Directory Access Protocol (LDAP) support for connecting Trust Protection Platform to Oracle Directory Server Enterprise Edition 11g (ODSEE), formerly Sun® Directory Server Enterprise Edition.

This topic describes how Trust Protection Platform (formerly Director) connects to an external LDAP directory such as Oracle Directory Server Enterprise Edition.

Trust Protection Platform's LDAP support is built on the standard protocol as defined in RFC 4510 rather than on any vendor's extensions. This matters because each directory product adds its own methods for accomplishing common tasks, such as resolving group memberships; relying only on standard operations and attributes keeps the connection portable across LDAP servers.
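
The following is an added illustration of what "standards-based group resolution" means in practice; it is not Venafi code and does not describe how Trust Protection Platform is implemented internally. It resolves a user's groups using only the forward-link attributes that RFC 4519 defines (member on groupOfNames, uniqueMember on groupOfUniqueNames), including nested groups, and contrasts that with the vendor-specific memberOf back-link that Active Directory maintains but a standards-only server such as ODSEE may not. The directory entries, DNs and group names are constructed sample data held in memory so the code runs offline; against a real server the same filter would be sent through an LDAP client library.

```python
# Added example (not Venafi code): standards-only LDAP group membership resolution.
# DIRECTORY is a constructed in-memory stand-in for an LDAP server; every DN,
# user and group below is sample data, not taken from any real deployment.

from typing import Dict, List, Set

Entry = Dict[str, List[str]]

# Constructed sample directory: DN -> attributes (values are lists, as in LDAP).
DIRECTORY: Dict[str, Entry] = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"],
    },
    "cn=pki-admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"],
    },
    "cn=cert-approvers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        # Nested group: pki-admins is itself a member of cert-approvers.
        "uniqueMember": ["cn=pki-admins,ou=groups,dc=example,dc=com"],
    },
    "cn=all-staff,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=bob,ou=people,dc=example,dc=com"],
    },
}


def normalize_dn(dn: str) -> str:
    """Simplified DN comparison: case-insensitive, whitespace around RDNs ignored."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a DN or username cannot alter the search filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def standard_membership_filter(user_dn: str) -> str:
    """Portable filter: find groups that list the user via a standard forward link."""
    v = escape_filter_value(user_dn)
    return ("(|(&(objectClass=groupOfNames)(member=%s))"
            "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s)))" % (v, v))


def direct_groups(member_dn: str) -> Set[str]:
    """Evaluate the forward-link search against the constructed directory."""
    target = normalize_dn(member_dn)
    found: Set[str] = set()
    for dn, attrs in DIRECTORY.items():
        classes = {c.lower() for c in attrs.get("objectClass", [])}
        links: List[str] = []
        if "groupofnames" in classes:
            links += attrs.get("member", [])
        if "groupofuniquenames" in classes:
            links += attrs.get("uniqueMember", [])
        if any(normalize_dn(link) == target for link in links):
            found.add(dn)
    return found


def resolve_groups(user_dn: str) -> Set[str]:
    """Transitive membership by repeating the standard search; the visited set stops cycles."""
    resolved: Set[str] = set()
    pending = [user_dn]
    while pending:
        dn = pending.pop()
        for group in direct_groups(dn):
            if group not in resolved:
                resolved.add(group)
                pending.append(group)
    return resolved


def memberof_groups(user_dn: str) -> List[str]:
    """Vendor-specific shortcut (Active Directory's memberOf); empty on a standards-only server."""
    return DIRECTORY.get(user_dn, {}).get("memberOf", [])


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"
    print(standard_membership_filter(alice))
    print(sorted(resolve_groups(alice)))
    print(memberof_groups(alice))
```

The two results for the same user differ: the forward-link search returns pki-admins and, through nesting, cert-approvers, while memberOf returns nothing because the sample directory does not maintain that back-link. A connector that depended on memberOf would silently report no groups on such a server, which is the portability problem the paragraph above describes.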

As with Active Directory connections, LDAP connections are read-only: Trust Protection Platform reads user and group data directly from the LDAP directory in real time and never writes to it. This lets you log in as an external user, view external users and groups in the Identity tree, select external users or groups as object Contacts, and assign object permissions to external users and groups.

NOTE  In Trust Protection Platform, user directories are closed systems. This means that local users can see only local users and groups. Likewise, external users can see only external users and groups within their own directory (or, if enabled, within their own directory and the local directory). For example, if you have three LDAP connections, you must log in through LDAP1 to see its users and groups, through LDAP2 to see LDAP2's, and through LDAP3 to see LDAP3's.

For information about allowing external identities to see local identities, see Allowing AD and LDAP users to see teams and local users.

Trust Protection Platform supports concurrent connections to multiple external user directories. This lets you distribute administration of the encryption system across teams in environments that use more than one user directory.