Mappings between LDAP and Talend Administration Center
This article applies to users of Talend Administration Center (TAC) who want to implement LDAP mappings for SVN/Git credentials.
When implementing LDAP with Talend Administration Center, the best practice is always to define mappings for any field you wish to synchronize.
For sensitive information such as SVN/Git credentials, which you may not want to store unencrypted in your LDAP, you can set up the appropriate ACL or use the Talend API to encrypt it.
Prior to 6.3.1, a workaround was to synchronize the "SVN login" or "Git login" field but not the "SVN password" or "Git password", which would be input in the "User Settings" page, by each user. This behavior caused several issues detailed below.
For this reason, from 6.3.1 on, it is no longer possible to input credentials directly in the "User settings" page when LDAP enabled. The best practice to manage SVN/Git credentials is also detailed below.
You should not enable users to set information in Talend Administration Center manually because:
- When a user input his/her credentials from the "User Settings" page and saved, this information was not written back to the LDAP.
- Then, when an administrator edited the roles for this user from the "Users" page and
saved, any information that this user had manually input in the "User Settings" (such as
SVN/Git credentials), was written back into the LDAP as
The next time this user tried to access a remote project in Talend Studio, an error message was displayed (e.g. "SVN E170001 : authentication required", in case of SVN).
From 6.3.1 on, when LDAP is enabled in Talend Administration Center, users can no longer change SVN/Git credentials in the "User Settings" page.
If you choose not to map the password field between your LDAP and the Talend Administration Center database, a patch for Talend Studio is available to let users input their SVN/Git credentials on connecting to a remote SVN/Git.