# InterSystems IRIS Demo: Integrating with LDAP
LDAP
The InterSystems IRIS® data platform can integrate with an LDAP (Lightweight Directory Access Protocol) server, which makes it seamless to authenticate users with this popular technology. It’s also easy to provide authorization through LDAP.
When a user attempts to log in to InterSystems IRIS, the username and password are sent to the LDAP server to verify that the user exists. Once the user’s identity has been authenticated, the LDAP server sends InterSystems IRIS information about which groups the user belongs to. These groups correspond to the roles in InterSystems IRIS that control what actions the user is authorized to perform and whether they can read or write content. In this way, InterSystems IRIS uses LDAP technology for both authentication and authorization aspects of its security strategy.
By following the steps in this guide, you can connect to an LDAP server and explore how it affects security in InterSystems IRIS. In these exercises, you configure InterSystems IRIS to integrate with a Windows Active Directory server. Though other LDAP servers are supported, this tour of LDAP authentication and authorization focuses on using Active Directory.
Before logging in as LDAP users and exploring LDAP-based security in InterSystems IRIS, you need to do the following:
Select InterSystems IRIS Instance
Define an LDAP configuration
Select an LDAP domain as the default
Enable LDAP authentication in InterSystems IRIS
Install the security certificate for the LDAP server
To use the procedure, you will need a running InterSystems IRIS instance. Your choices include several types of licensed and free evaluation instances; the instance need not be hosted by the system you are working on (although they must have network access to each other). For information on how to deploy each type of instance if you do not already have one to work with, see Deploying InterSystems IRIS in InterSystems IRIS Basics: Connecting an IDE.
InterSystems IRIS uses an LDAP configuration to define the information needed to connect to the LDAP server and search for users. To create and define a new LDAP configuration:
Open the Management Portal for your instance in your browser. The URL to use depends on the type of instance you selected; for information about determining the correct URL, see InterSystems IRIS Connection Information in InterSystems IRIS Basics: Connecting an IDE.
Go to the Security LDAP Configurations page (System Administration > Security > System Security > LDAP Configurations).
Click Create New LDAP configuration.
In the Name field, enter example.com.
Select the Enabled checkbox.
Select the LDAP server is a Windows Active Directory server checkbox.
Define the following fields:

| Field | Contents |
| --- | --- |
| LDAP domain name (Windows only) | example.intersystems.com |
| LDAP host names | exampledc1.example.intersystems.com |
| LDAP username to use for searches | (Windows) sidLDAPQuery<br>(UNIX®) CN=sidLDAPQuery,CN=Users,DC=example,DC=intersystems,DC=com |
| LDAP username password | Select Enter New Password, then enter the password as Cach3L3arning |
| LDAP Base DN to use for searches | DC=example,DC=intersystems,DC=com |
| LDAP Unique search attribute | sAMAccountName |

Select the Use TLS/SSL encryption for LDAP sessions checkbox.
Select the Use LDAP Groups for Roles/Routine/Namespace checkbox.
Select the Allow Universal group Authorization checkbox.
Click Save.
Once the LDAP configuration for the LDAP server is defined, you need to set the new LDAP configuration as the default LDAP domain. To set the LDAP server as the default:
From the Management Portal home page, go to the System-wide Security Parameters page (System Administration > Security > System Security > System-wide Security Parameters).
Select example.com from the Default security domain drop-down list.
Click Save.
Using an LDAP server is just one method of authentication available in InterSystems IRIS. Not only must LDAP authentication be enabled for the entire instance of InterSystems IRIS, but each component of InterSystems IRIS that needs to be accessed by an LDAP user must also be enabled for LDAP authentication. The following procedure enables LDAP authentication for the instance and those components needed for this tour of InterSystems IRIS security:
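From the Management Portal home page, go to the Authentication/Web Session Options page (System Administration > Security > System Security > Authentication/Web Session Options).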
Select the Allow LDAP authentication checkbox.
Click Save.
From the Management Portal home page, go to the Web Applications page (System Administration > Security > Applications > Web Applications).
From this page you will enable LDAP authorization for the sections of the Management Portal that you will be accessing in the tour of InterSystems IRIS. Because other sections of the Management Portal will not have LDAP authorization enabled, you might be asked to log in if you try exploring these other sections.
Click /csp/sys to display the page used to configure the web application.
In the Security Settings section, select the LDAP checkbox in the Allowed Authentication Methods field.
Click Save.
Once the setting is saved, click Cancel to return to the Web Applications page.
Click /csp/sys/sec. This web application contains the security pages of the Management Portal.
In the Security Settings section, select the LDAP checkbox in the Allowed Authentication Methods field.
Click Save.
Once the setting is saved, click Cancel to return to the Web Applications page.
Click /csp/sys/op. This web application contains the operation pages in the Management Portal.
In the Security Settings section, select the LDAP checkbox in the Allowed Authentication Methods field.
Click Save.
The LDAP server is secured with TLS, so you need to install a security certificate to successfully access the server. You will create a .cer file that contains the required certificate content before identifying it as the security certificate.
To create the file that will be installed as the security certificate:
Open a text editor such as Notepad and create a new file.
Copy all of the following content and paste it into the new file in the text editor. The new file should begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
If you are running InterSystems IRIS on Windows, complete the following steps to finish the process of installing the security certificate that you created.
example.cer in the directory where you saved the file.
Click Install Certificate.
Select Local Machine and click Next.
Click Yes to allow changes to be made to your device.
Select Place all certificates in the following store and click Browse.
Select Trusted Root Certification Authorities and click OK.
Click Next.
Click Finish.
If you are running InterSystems IRIS on UNIX®, complete the following steps to finish the process of installing the security certificate that you created.
Go to the Security LDAP Configurations page (System Administration > Security > System Security > LDAP Configurations).
Click example.com from the list of LDAP configurations.
In the TLS/SSL certificate file field, enter the path and filename of example.cer, which is the file you created and saved.
Now that you have configured your LDAP connection and enabled LDAP authentication, you can use the LDAP server to log in to InterSystems IRIS. The LDAP server contains three users: user1, user2, and user3. user1 belongs to the intersystems-Role-%Operator group, user2 belongs to the intersystems-Role-%Manager group, and user3 belongs to the intersystems-Role-%Developer group. Each group grants privileges belonging to a corresponding role in InterSystems IRIS. For example, when user1 is successfully authenticated by the LDAP server, they are assigned the %Operator role.
In this tour, you will log in to InterSystems IRIS as all three users and explore what actions are available based on the roles associated with the user. When you log in to InterSystems IRIS as a valid LDAP user, InterSystems IRIS automatically creates the user without requiring that you manually add the user beforehand.
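The group-to-role mapping described above, as an added example (not part of the original guide and not InterSystems code): a Python audit helper that reads a user's Active Directory memberOf values and reports which IRIS roles the intersystems-Role-<name> groups would grant, so that group membership can be reviewed before LDAP authorization is relied on. The OU=Groups container, the extra "Staff, Boston" group, the Routine and Namespace group kinds, and the SENSITIVE_ROLES set are assumptions.

```python
import re

# Naming convention shown on the page: intersystems-Role-%Operator.
# The Routine and Namespace kinds are an assumption based on the
# "Use LDAP Groups for Roles/Routine/Namespace" checkbox label.
GROUP_RE = re.compile(r"^intersystems-(Role|Routine|Namespace)-(.+)$", re.IGNORECASE)

# Roles flagged for review (assumed local policy, not an IRIS default).
SENSITIVE_ROLES = {"%All", "%Manager"}

def first_rdn(dn):
    """Return (ATTR, value) of the leftmost RDN, honouring RFC 4514 backslash escapes."""
    head = re.match(r"(?:\\.|[^,\\])*", dn, re.DOTALL).group(0)
    attr, sep, raw = head.partition("=")
    if not sep:
        raise ValueError(f"not a distinguished name: {dn!r}")
    # One pass: "\2C" hex pairs (ASCII only here) and single-character escapes like "\,".
    value = re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                   lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                   raw, flags=re.DOTALL)
    return attr.strip().upper(), value.strip()

def iris_grants(member_of):
    """Map memberOf DNs to the IRIS roles, routines and namespaces they name."""
    grants = {"Role": [], "Routine": [], "Namespace": []}
    for dn in member_of:
        attr, cn = first_rdn(dn)
        match = GROUP_RE.match(cn) if attr == "CN" else None
        if match:
            grants[match.group(1).capitalize()].append(match.group(2))
    return grants

def review(users):
    """Return sorted (user, role) pairs where a directory group grants a sensitive role."""
    return sorted((user, role) for user, dns in users.items()
                  for role in iris_grants(dns)["Role"] if role in SENSITIVE_ROLES)

# Constructed sample: the page's three users; the OU and the extra group are made up.
GROUPS = "OU=Groups,DC=example,DC=intersystems,DC=com"
SAMPLE = {
    "user1": [f"CN=intersystems-Role-%Operator,{GROUPS}", f"CN=Staff\\, Boston,{GROUPS}"],
    "user2": [f"CN=intersystems-Role-%Manager,{GROUPS}"],
    "user3": [f"CN=intersystems-Role-%Developer,{GROUPS}"],
}

if __name__ == "__main__":
    for name, dns in SAMPLE.items():
        print(name, iris_grants(dns)["Role"])
    print("review:", review(SAMPLE))
```

Because the directory decides the role, anyone who can edit membership of an intersystems-Role-* group can change what a user may do in InterSystems IRIS, so those groups deserve the same change control as the roles themselves.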
To log in as user1 and explore InterSystems IRIS:
If you are currently logged in to InterSystems IRIS, click the Logout link at the top left of the Management Portal.
User Name: user1
Password: Password1
User1 is a member of the intersystems-Role-%Operator group. Based on this group, when user1 is authenticated, they are automatically granted the privileges associated with the %Operator role in InterSystems IRIS.
From the Management Portal home page, go to the Databases page (System Operation > Databases). User1 has access to this page because they have been authorized by the LDAP server to interact with pages associated with the %Operator role.
On the Management Portal home page, notice that the System Administration menu is disabled. User1 cannot access this menu because the %Operator role does not include the proper privileges.
To log in as user2 and explore InterSystems IRIS:
Click the Logout link at the top left of the Management Portal.
Log in to InterSystems IRIS using the following credentials:
User2 is a member of the intersystems-Role-%Manager group. Based on this group, when user2 is authenticated, they are automatically granted the privileges associated with the %Manager role. As you will see, these privileges include access to pages that user1 could not see.
that user1 could not access the System Administration menu.
Click user1 from the list of users.
Click the Roles tab.
Notice that %Operator is the only role assigned to user1.
Click Cancel to return to the Users page.
Notice that there is no entry for user3 in the list of users. This user will be created automatically when user3 logs in, at which point InterSystems IRIS uses the LDAP server to authenticate the user.
To log in as user3 and explore InterSystems IRIS:
Click the Logout link at the top left of the Management Portal.
Log in to InterSystems IRIS using the following credentials:
User Name: user3
Password: Password3
User3 is a member of the intersystems-Role-%Developer group. Based on this group, when user3 is authenticated, they are automatically granted the privileges associated with the %Developer role.
Learn More About LDAP and Security
You have been logging in to InterSystems IRIS without creating new users first. InterSystems IRIS automatically creates these users when they are found on the LDAP server. The following procedure demonstrates this process:
Click the Logout link at the top left of the Management Portal.
Log in to InterSystems IRIS using the following credentials:
Remember that user2 has the %Manager role.
From the Management Portal home page, go to the Users page (System Administration > Security > Users).
Find user3 in the list and click Delete in its row.
At this point, user3, the user with the %Developer role, no longer exists in InterSystems IRIS.
Click the Logout link at the top left of the Management Portal.
Log in to InterSystems IRIS using the following credentials:
User Name: user3
Password: Password3
Because user3 still exists on the LDAP server, you are able to log back into InterSystems IRIS as user3 even though you just deleted the user account in InterSystems IRIS.
If desired, you can log back into InterSystems IRIS to confirm that user3 is now a user.
a. Click the Logout link at the top left of the Management Portal.
b. Log in to InterSystems IRIS using the following credentials:
c. From the Management Portal home page, go to System Administration > Security > Users. User3 is now in the list even though you previously deleted the user account.
You can use the following resources to learn more about LDAP and other security concepts.
For detailed information about using LDAP with InterSystems IRIS, see LDAP Guide.
For an introduction to role-based security in InterSystems IRIS, see About InterSystems Authorization.