Asset Bank requires a direct connection to the LDAP server (usually Active Directory, but it could be Novell, for example) over the LDAP protocol. It is possible to integrate with more than one LDAP server if required.
Synchronisation of user accounts is done using one of the two modes below, and username/password authentication is done DIRECTLY against the LDAP server. Passwords are NOT stored in Asset Bank.
There are two modes:
a) Periodic synchronisation (e.g. daily). In this mode, Asset Bank initiates a full synchronisation via a scheduled task.
User accounts are queried and synched into the Asset Bank table (adding new accounts, removing deleted ones, and updating user profile info such as full name, email address and groups).
Groups are synchronised if mappings are set up between LDAP groups and Asset Bank groups.
Note that passwords are NOT brought in - they remain only in the LDAP server. Once a user has been synched into Asset Bank then they can authenticate directly against the LDAP server.
b) On the fly. In this mode, each user is synchronised at the point they try to log in, using the rules above. This means that users are only added to Asset Bank over time as each authenticates for the first time.
The LDAP query that Asset Bank uses to search the user accounts is configurable in the settings file, in terms of OU start point(s) and additional filters.
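The two synchronisation modes described above, sketched as an added example (this is not Asset Bank's own code). The record fields, the group mapping and the directory entries are constructed, and leaving the table unchanged for an unknown user in on-the-fly mode is an assumption.

```python
# Added illustration, not Asset Bank code. Field names and data are constructed.
GROUP_MAP = {  # LDAP group DN -> local group name (hypothetical mapping)
    "CN=Marketing,OU=Groups,DC=example,DC=org": "Marketing Editors",
}
LDAP_ENTRIES = [  # constructed directory search results
    {"uid": "asmith", "cn": "Alice Smith", "mail": "alice@example.org",
     "memberOf": ["CN=Marketing,OU=Groups,DC=example,DC=org"]},
    {"uid": "bjones", "cn": "Bob Jones", "mail": "bob@example.org",
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=org"]},
]

def to_profile(entry, group_map):
    """Copy profile attributes only; no password attribute is read or stored."""
    # Only LDAP groups that have a mapping produce a local group membership.
    groups = sorted({group_map[g] for g in entry.get("memberOf", []) if g in group_map})
    return {"full_name": entry["cn"], "email": entry.get("mail", ""),
            "groups": groups, "source": "ldap"}

def full_sync(local_users, ldap_entries, group_map):
    """Periodic mode: reconcile every LDAP-sourced account with the directory."""
    added, updated, seen = [], [], set()
    for entry in ldap_entries:
        uid = entry["uid"].lower()
        seen.add(uid)
        profile = to_profile(entry, group_map)
        if uid not in local_users:
            added.append(uid)
        elif local_users[uid] != profile:
            updated.append(uid)
        local_users[uid] = profile
    # Remove accounts deleted from the directory; locally created users are kept.
    removed = [u for u, p in local_users.items()
               if p["source"] == "ldap" and u not in seen]
    for uid in removed:
        del local_users[uid]
    return added, updated, removed

def sync_on_login(local_users, ldap_entries, group_map, username):
    """On-the-fly mode: sync only the account that is logging in."""
    for entry in ldap_entries:
        if entry["uid"].lower() == username.lower():
            local_users[entry["uid"].lower()] = to_profile(entry, group_map)
            return True
    return False  # assumption: an unknown user leaves the table unchanged
```

The removal step only touches records marked as LDAP-sourced, so accounts created through the user management pages survive a full synchronisation.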
Does it limit any features?
No, in general LDAP integration does not limit Asset Bank functionality. It is possible to add non-LDAP users via the Asset Bank user management pages. You would normally switch off the registration and password reminder functions.
If you are using IIS, it is possible to implement single sign-on, so that users can log into their workstations and be signed into Asset Bank automatically, using an LDAP lookup to get profile information.