Configuring LDAP group retrieval during authentication

You can set up your LDAP configuration in Remedy Single Sign-On to retrieve LDAP groups during authentication. This configuration enables authentication calls to retrieve user group and role details in addition to user information. 

For more information about LDAP authentication in Remedy SSO, see  LDAP authentication process .

To configure LDAP group retrieval in the console

  1. From the console, access the Realm tab.
  2. Click on your realm ID.
  3. Click Authentication.
  4. From the Authentication Type list, choose LDAP.
  5. Select Enable Group Retrieval.
  6. In the following optional fields, provide group retrieval details:

    Base DN for group search

    Provide the starting location within the LDAP directory for performing group searches. The search DNs should be as specific as possible for performance reasons. The depth of the search that is performed can be configured. If an object search is specified, then the Base DN should be the DN of the node containing the groups. If no value is specified, the base DN for the user search value is used.

    Example: CN=Groups,DC=004331dc,DC=local

    Group Filter

    Provide the filter expression to determine additional group memberships beyond primary groups (nested groups).

    Default: (&(objectClass=group)(CN={})) This default works for Active Directory and OpenLDAP group retrieval. If you are using a different directory service, use the filter for that service.

  7. Click Save.