LDAP and InterSystems IRIS®
InterSystems IRIS® supports authentication and authorization using LDAP, the Lightweight Directory Access Protocol. LDAP systems keep user information in a central repository, from which InterSystems IRIS retrieves it. For example, on Windows, a domain controller using Active Directory is an LDAP server.
LDAP authentication — InterSystems IRIS prompts users for a username and password. The instance is associated with an LDAP server, which performs authentication and retrieves the user’s roles and other authorization information. The instance can also be configured to authenticate users with cached credentials when it cannot connect to the LDAP server.
LDAP authorization — InterSystems supports LDAP groups for specifying roles as part of authorization. LDAP authorization with OS-based authentication is used for the local InterSystems IRIS terminal. (Access to the Terminal is managed by %Service_Console on Windows and %Service_Terminal on all other operating systems.)
InterSystems IRIS can also provide authentication and authorization for multiple LDAP domains simultaneously.
You can also use LDAP with the InterSystems IRIS delegated authentication feature, which allows you to implement custom mechanisms to replace the authentication and role-management activities that are part of InterSystems security.
InterSystems IRIS provides LDAP support for:
LDAP version 3 protocols (earlier LDAP protocols are not supported)