Transparent integration with Active Directory and LDAP
Plastic SCM's user authentication subsytem can be configured to directly use Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) servers. This feature greatly simplifies user and group management. When a change is recorded on the AD or LDAP server (for example, adding a new user or changing an existing user's group membership) the change is immediately reflected in the Plastic SCM environment. There is no need to periodically import entire user databases from the server -- an expensive and error-prone procedure.
The figure below shows a typical scenario, in which Plastic SCM simply stores security identifiers (SIDs) in its repositories, and retrieves names and group hierarchies directly from the AD/LDAP server.
When Plastic SCM is hosted on a Windows server, it's typically configured to use Active Directory:
Developers using Windows machines in the same Windows domain will need to configure their Plastic SCM client software to use Active Directory, too. These developers will be authenticated by the AD server transparently -- they don't need to set up a Plastic SCM username or password.
Developers on Windows machines in other domains, along with developers on Linux and Mac OS X machines, will need to configure their Plastic SCM client software to use LDAP mode (specifying a user name and password). These developers will also be authenticated by the AD server.
Plastic SCM servers on Linux machines can use Active Directory
You can set up a Plastic SCM server running on a Linux machine to validate users in a Windows domain, by setting up an LDAP connection to the Active Directory server. Developers on Windows machines will still be authenticated using AD, while developers on non-Windows machines will use LDAP.
Native LDAP environments are supported, too
Native LDAP environments (OpenLDAP, Active Directory in LDAP mode, etc.) are supported by configuring all clients and servers, regardless of operating system, to use LDAP.