The Good
Starting with version 8.1, PeopleSoft user credentials can be validated against the directory. This leverages pre-existing authentication data in an LDAP directory service and achieves Single Sign-On across multiple PeopleSoft applications. Furthermore, user data that is typically stored in an LDAP directory (such as name, phone number, and email address) can be updated instantaneously or at batch intervals when information changes in the PeopleSoft database.
The Bad
However, the PeopleSoft-delivered LDAP Authentication interface can only authenticate against one directory tree.
Note: PeopleSoft supports multiple LDAP authentication servers only for fail-over and redundancy. The replica servers must contain a tree identical to the master's.
The Ugly
In a typical enterprise environment, where more than one directory tree exists (multiple AD implementations), integrating PeopleSoft with multiple LDAP directories is only possible by customizing the application sign-on process in PeopleCode. However, such customization is beyond the normal support provided by the PeopleSoft Global Support Center.
The Solution
Use Penrose to tie all the AD servers into one directory tree by merging, proxying, and applying pass-through authentication (PTA) to the AD servers.
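To make the single-tree idea concrete, here is an added Python sketch (not Penrose code or configuration, and not from the original page) of how a virtual directory can route a bind on one virtual tree to the AD server that owns that subtree. The backends are in-memory stand-ins, and every DN, password, and class name is constructed for illustration.

```python
import hmac

class Backend:
    """Stand-in for one AD server (constructed data): real DN -> password."""
    def __init__(self, base_dn, users):
        self.base_dn = base_dn.lower()
        self.users = {dn.lower(): pw for dn, pw in users.items()}

    def bind(self, dn, password):
        stored = self.users.get(dn.lower())
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

class VirtualDirectory:
    """Presents several backend trees as subtrees of one virtual base DN."""
    def __init__(self, virtual_base):
        self.virtual_base = virtual_base.lower()
        self.mounts = {}  # virtual subtree suffix -> Backend

    def mount(self, rdn, backend):
        self.mounts[f"{rdn.lower()},{self.virtual_base}"] = backend

    def route(self, virtual_dn):
        """Return (backend, real_dn), or None if no mounted subtree matches.
        Simplified: plain lowercase string matching, no full DN normalization."""
        dn = virtual_dn.strip().lower()
        for suffix, backend in self.mounts.items():
            if dn.endswith("," + suffix):
                rel = dn[: -len(suffix) - 1]
                return backend, f"{rel},{backend.base_dn}"
        return None

    def bind(self, virtual_dn, password):
        # An empty password turns an LDAP simple bind into an unauthenticated
        # bind, which many servers accept; reject it before forwarding.
        if not password:
            return False
        target = self.route(virtual_dn)
        if target is None:
            return False
        backend, real_dn = target
        return backend.bind(real_dn, password)  # pass-through authentication

def build_demo():
    vd = VirtualDirectory("dc=corp,dc=example")
    vd.mount("ou=emea", Backend("dc=emea,dc=example",
             {"cn=alice,ou=users,dc=emea,dc=example": "a-secret"}))
    vd.mount("ou=amer", Backend("dc=amer,dc=example",
             {"cn=bob,ou=users,dc=amer,dc=example": "b-secret"}))
    return vd
```

The application then needs only one base DN (`dc=corp,dc=example` here), which is the shape a single-tree LDAP authentication interface expects.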
