If you are using E1, every application you use will require E1 to validate your user ID and your digital signature. These queries will become a bottleneck. Instead, E1 can use LDAP which allows E1 to offload the user validation workload and gain significant performance improvement. In addition, companies that use LDAP for many applications can also use it for JDE eliminating the need for both administrators and users to add, delete and make regular password changes in both places.
Does AD work with E1?
If you are not a savvy networking geek, you may have some confusion about this initiative. For example, you will see that E1 works with LDAP. You know that your company uses AD. You may even spend some time researching if E1 works with AD. The search results don’t really give an answer. Well I am here to tell you that AD does work with E1. As we said earlier, AD is built upon LDAP and this is the protocol you will use.
Do I need to implement SSO with LDAP?
Enabling LDAP with E1 has nothing to do with Single Sign On. SSO is strictly about providing access to applications via a portal. Let’s save that for another day.
Enabling LDAP & E1
First thing you absolutely need to know up front is that this initiative is nothing like an E1 implementation. You won’t need to visit a Doctor and beg for anxiety pills. In fact, it is relatively easy and the changes will be made offline only taking effect once you restart the E1 servers.
A lot of our customers ask what can be managed by LDAP instead of E1. Well there are certain things LDAP can do and certain things it can not. For example, LDAP can validate your E1 UserID, passwords and user role relationships. It does not allow you to sync a system user from LDAP into E1. In addition, definition of roles does not sync and user profile attributes are more complex in E1 than LDAP so this is not handled by LDAP.
It is also important to note that the maintaining of users is not as easy as deleting them from E1. Since the users are being maintained in AD, they need to be deleted in there. Once you do delete them in AD, you must understand that they do not get deleted in E1. In fact, you can not delete them in E1 because the P0092 delete buttons are grayed out. The add and copy buttons are also grayed out.
In addition, you must note that if LDAP is managing roles and if you delete a role that it will get deleted from E1 the next time the user logs into the software.
Schedule Ad Hoc
The schedule of this service greatly depends upon your timetable. Contact us to get this project on our production schedule.
Estimated Time 20 Hours
We’ve implemented this recently for a multi million dollar company over a weekend. Including planning, meeting & training sessions, it took us 20 hours.
Most people want to know how long an E1/LDAP integration will take. On average it takes a couple of meetings and a weekend but it really depends upon how many users, domains and which type of data you want to sync. It could take longer.
Estimated Cost $1,540