There are essentially two types of users: Real Nimbus Users and Account Contact users.  LDAP users fall into one of these two categories but are a little more fluid.

1. Real Nimbus Users are created in Infrastructure Manager, (IM), through Security->User Administration.  These users are written to security.cfg file in the Nimsoft/hub folder. These are not stored in the CA_UIM database (so OC cannot see them). When a Real nimbus user logs into OC for the first time, their user account is copied to the separate DB tables (CM_USER).

2. Account Contact Users are created in the Operator Console > Settings > Account Admin.  These users are written directly to the CA_UIM database (CM_USER). Account Contact users cannot assign alarms to Real Nimbus users.

3. LDAP Users can be treated as Real Nimbus Users or Account Contact Users - it depends on which ACL they are given. If the ACL is Linked to an Account, then the LDAP user will be treated as an Account Contact (even if they're not a member of that account.) If the ACL they are given is not linked to any account, the LDAP user gets treated as a Real Nimbus User.

Some notes: 

- User information can be stored in four different places: 

    - Real Nimbus Users: in Nimsoft\hub\security.cfg and CM_USER once they log in to OC for the first time
    - Account Contact Users:  CM_USER  in CA_UIM DB. 
    - LDAP USERS: In Active Directory and in CM_USER table once they log in to OC for the first time

- Users who want to access OC SLM portlet or Dashboard Designer must be Real Nimbus Users, created in IM under Security->User Administration, and have the 'SLM Admin' or 'Dashboard Designer' permission on their ACL.
This is by design and is intended to prevent one customer from one account from being able to view data that belongs to a different account. Again, these users are created exclusively in IM through "User Administration".

- All usernames should be unique.  Creating LDAP users, Real Nimbus Users, and/or Account Contact users with identical usernames will create confusion about which credentials are being used to authenticate in OC.