An LDAP search user account is used when an account needs to be authenticated or authorized, or when searching for information within an LDAP directory server.
In the following cases, you must register an LDAP search user account on the management server.
-
When an LDAP directory server is used as an external authentication server and the data structure is the hierarchical structure model
-
When an LDAP directory server is used as an external authorization server
When registering an authorization group in Common Component products by using the GUI, to verify whether the distinguished name of the authorization group is registered on the external authorization server by using a user ID such as the System account registered in Common Component products, you must register a user account used to search for LDAP user information on the management server.
Except in the cases shown previously, this step is not necessary, because LDAP user information is not searched during authentication and authorization. If a user account used to search for LDAP user information has been already registered, delete it.