I did not understand your question completely...
I could make out 2 points:
1. EITHER you are referring to - how to manage PS security of different profiles using LDAP.
2. OR you are referring to - how to manage overall system security for different profiles using LDAP, where the overall system security = PS + other systems.
For point 1 above:
You need not worry about bringing roles to LDAP. What you just need is that LDAP should work: the users (of any profile) should be able to access PS by SSO (Single Sign-On) using LDAP authentication.
And PS will take care of the rest of the security. How? -> Every PS user profile will be associated with role and permission lists + row security permission list...
For point 2 above:
In this case, you would need point 1 + some kind of system directory. The system directory can be used for LDAP authentication and managing security across different profiles. With the help of the directory you can control the security + access of the profiles across various systems based on the user id of the user. But you need to use the same user id for any user across all the systems in order to achieve this.
For example: If, let's say, the PS user is USER01 for Person A, then you need to ensure that the access/user profiles created for Person A across all systems are USER01 only.
Let me know if these points help.