Configuring LDAP group retrieval during authentication

You can set up your LDAP configuration in Remedy Single Sign-On to retrieve LDAP groups during authentication. This configuration enables authentication calls to retrieve user group and role details in addition to user information. 

For more information about LDAP authentication in Remedy SSO, see LDAP authentication process.

To configure LDAP group retrieval in the console

  1. From the console, access the Realm tab.
  2. Click on your realm ID.
  3. Click Authentication.
  4. From the Authentication Type list, choose LDAP.
  5. Select Enable Group Retrieval.
  6. In the following optional fields, provide group retrieval details:

    | Field | Description |
    | --- | --- |
    | Base DN for group search | Provide the starting location within the LDAP directory for performing group searches. The search DNs should be as specific as possible for performance reasons. The depth of the search that is performed can be configured. If an object search is specified, then the Base DN should be the DN of the node containing the groups. If no value is specified, the value of the base DN for the user search is used. Example: CN=Groups,DC=004331dc,DC=local |
    | Group Filter | Provide the filter expression to determine additional group memberships beyond primary groups (nested groups). Default: (&(objectClass=group)(CN={})) This default works for Active Directory and OpenLDAP group retrieval. If you are using a different directory service, use the filter for that service. |

  7. Click Save.
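
Added example (not from the Remedy SSO documentation or product code): a Python check for a candidate Group Filter before it is saved, which also shows the RFC 4515 escaping that a value substituted for the placeholder needs. It assumes the `{}` placeholder is replaced with a value at search time; the page does not say how Remedy SSO itself substitutes or escapes it, and the function names are hypothetical.

```python
# Added example; function names are hypothetical, not part of Remedy SSO.
# Assumption: the "{}" placeholder is replaced with a value at search time.

DEFAULT_FILTER = "(&(objectClass=group)(CN={}))"  # default Group Filter from this page

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one character at a time so nothing is escaped twice."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template, placeholder="{}"):
    """Return the problems found in a filter template (empty list = none)."""
    problems = []
    depth = 0
    for ch in template:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth < 0:  # a ")" closed something that was never opened
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("not enclosed in parentheses")
    if placeholder not in template:
        problems.append("placeholder missing")
    return problems


def render(template, value, placeholder="{}"):
    """Substitute an escaped value into a template that passed the checks."""
    problems = check_template(template, placeholder)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(placeholder, escape_filter_value(value))


if __name__ == "__main__":
    sample = "Ops (EMEA)*"  # constructed group name with filter metacharacters
    print(render(DEFAULT_FILTER, sample))
    print(check_template("(&(objectClass=group)(CN={})"))  # one ")" dropped
```

Without the escaping step, the `*` in the constructed group name would act as a wildcard and its parentheses would be parsed as filter structure instead of as part of the name.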

Comments

  1. Stan Hardter

    For the group filter, the RSSO docs say to use: (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$DN$))

    In my case, where we use a lot of nested groups, this worked much better.

    Aug 01, 2017 11:33
    1. Shweta Hardikar

      Hi Stan,

      I checked the RSSO docs and this filter expression works for RSSO 9.1.03 and later. This release of BAO doesn't support RSSO 9.1.03 yet. 

      Thanks!

      Sep 29, 2017 05:29