Mappings between LDAP and Talend Administration Center : Best Practices

Talend Documentation Team
Talend Data Fabric
Talend MDM Platform
Talend Data Integration
Talend Big Data
Talend Big Data Platform
Talend Real-Time Big Data Platform
Talend ESB
Talend Data Management Platform
Talend Data Services Platform
Administration and Monitoring
Talend Administration Center

Mappings between LDAP and Talend Administration Center

This article applies to users of Talend Administration Center (TAC) who want to implement LDAP mappings for SVN/Git credentials.

When implementing LDAP with Talend Administration Center, the best practice is always to define mappings for any field you wish to synchronize.

For sensitive information such as SVN/Git credentials, which you may not want to store unencrypted in your LDAP, you can set up the appropriate ACL or use the Talend API to encrypt it.

Prior to 6.3.1, a workaround was to synchronize the "SVN login" or "Git login" field but not the "SVN password" or "Git password", which would be input in the "User Settings" page, by each user. This behavior caused several issues detailed below.

For this reason, from 6.3.1 on, it is no longer possible to input credentials directly in the "User settings" page when LDAP enabled. The best practice to manage SVN/Git credentials is also detailed below.


You should not enable users to set information in Talend Administration Center manually because:

  • When a user input his/her credentials from the "User Settings" page and saved, this information was not written back to the LDAP.
  • Then, when an administrator edited the roles for this user from the "Users" page and saved, any information that this user had manually input in the "User Settings" (such as SVN/Git credentials), was written back into the LDAP as null.

The next time this user tried to access a remote project in Talend Studio, an error message was displayed (e.g. "SVN E170001 : authentication required", in case of SVN).


From 6.3.1 on, when LDAP is enabled in Talend Administration Center, users can no longer change SVN/Git credentials in the "User Settings" page.

If you choose not to map the password field between your LDAP and the Talend Administration Center database, a patch for Talend Studio is available to let users input their SVN/Git credentials on connecting to a remote SVN/Git.

This behavior means you do not need to map this particular field but can still benefit from the synchronization between LDAP and Talend Administration Center for all other information.
Warning: When migrating to 6.3.1, the credentials previously registered in the LDAP are enforced.