4 Replies Latest reply on Jul 22, 2020 5:03 AM by user126898

    Active Directory User (i.e. LDAP user) for Installation of Informatica IDQ on Linux Server

    Ashutosh Jumde Active Member

      Can Active directory User(i.e. LDAP User) be used for installation of the Informatica IDQ Services on Linux server?

      In Installation guide it is  explicitly mentioned as System User Account for Installation of the Services. But there are some policies form the client IT side which only allows the Active Directory users.

      So I need a confirmation - if the AD user is allowed for installation of Informatica IDQ Services on Linux server ? If it is allowed - will it cause any issues in future?

       

      Note : Version of IDQ is 10.4.1

        • 1. Re: Active Directory User (i.e. LDAP user) for Installation of Informatica IDQ on Linux Server
          Nico Heinze Guru

          I would respond to this request from IT in a different way:

          Such policies are fine in all-Windows environments. But Linux is not Windows. And obviously policies that apply to Windows environments can not always be applied to other systems (such as Linux or AIX or whatever).

           

          Requesting that a Windows-Only policy (such as using only AD users) is applied to non-Windows environments is - I don't intend to offend anyone, but that's my opinion - stupid.

          Your IT should simply accept that Linux is not Windows and that Windows policies cannot always be applied to Linux systems. Period.

           

          That's similar to the request of some first-time Linux/Unix users that they want to have their mapped network drives under Windows be available on Linux machines in exactly the same way as they are used to them (namely in the Windows Explorer). There is nothing like a mapped network drive in Linux. So such a policy simply cannot be applied to Linux.

           

          In general (I haven't worked with this kind of feature myself, to be honest) it should be possible as long as the Linux server has access (e.g. regarding firewall settings) to the Active Directory server. After all an AD server does behave like a LDAP server in some respects.

          So it MIGHT be possible to use an AD user on Linux for installing / running the software. But I cannot tell for sure because I simply don't know whether the Informatica platform on Linux supports the use of MS AD as an LDAP server or not. May be mentioned in the Product Availability Matrix for IDQ 10.2.

           

          Regards,

          Nico

          • 2. Re: Active Directory User (i.e. LDAP user) for Installation of Informatica IDQ on Linux Server
            user126898 Guru

            Applying access control policies to linux using AD is pretty common.

            Linux has for years been able to integrate with LDAP and AD directly enabling SSO and other aspects.  You even have the ability to create user profiles for AD users in the linux AD forest.

             

            So to your question.  This is not an Informatica issue at all.  You are asking can about installing software on linux using an AD user.  Yes linux supports installing software as AD users. The requirement that Informatica would have is to be able to correctly define the environment variables pre/post installation to run the server correctly. Which you can do.

             

            So yes you absolutely use a AD user to install Informatica and execute the server. 

            You then can even configure AD/LDAP at the server admin console to control users and logins to Informatica thru AD.

             

            Also if the organization is looking to have a mapped drive like windows you can do that as well.  Using the mount protocols of linux you can configure a CIFS mount.  This directly mounts a windows server file directory to a linux directory.  So customers can continue to manage files using windows explorer but because of the mount users in linux see the same thing and the INFA can read and write to the same directory.  So end users need to know nothing about linux.

             

             

            Thanks,

            Scott

            • 3. Re: Active Directory User (i.e. LDAP user) for Installation of Informatica IDQ on Linux Server
              Ashutosh Jumde Active Member

              Thanks Scott,

               

              This question is due to :

              1. 1. I have not used the AD user before for installation of Informatica on Linux. It is always a system / Linux local user which is provided to me by IT team.

              Though I have setup the LDAP/AD authentication in the Admin console for the AD users to actually access and use the Informatica application, But these are 2 different things. Hence the question,

              1. 2. The Installation guide says "System User Account" . And I couldn’t  find any reference of AD user.

               

              So I wanted to take the confirmation -

              1. 1. If it is allowed that Informatica can be installed using AD user ? - As per you it is allowed
              2. 2. Will it cause any issue in future ?
              • 4. Re: Active Directory User (i.e. LDAP user) for Installation of Informatica IDQ on Linux Server
                user126898 Guru

                1)  yes.  An AD user looks and operates like a system/local user.  So you can install the software.

                2) From an Informatica perspective I cant think of any.  Where you could run into issues is on the customer side.  Ensuring they use a AD service account vs a personal account to do the install, making sure if they ever upgrade the server OS the AD/LDAP software is compatible, making sure the AD forest is actively synced on the server.

                All things outside of Informatica and our control but more on the linux server admin side.

                 

                 

                thanks,

                Scott