It is possible to create user and groups in and use them to control access to the system as well as create workflows. It is also common that the list of users and groups is maintained externally in systems such as Active Directory or Open LDAP. can leverage your existing users repository.
There are two configuration scenarios when integrating with LDAP. Each one uses a different Security Manager.
- integrates with an external LDAP/AD system and is in full control of user authentications. Use the LDAP Security Manager in this situation.
- is deployed to an existing servlet container that is already handling user authentications through LDAP. Authentication, in this case, is the responsibility of the container. However, is responsible for runtime authorization and design time querying of user metadata. Use the LDAP Container Security Manager in this situation as that reuses the existing LDAP connector but relies on the container for user authentications.