×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Atrium Orchestrator Platform 7.9 Administering

Configuring LDAP group retrieval during authentication

You can set up your LDAP configuration in Remedy Single Sign-On to retrieve LDAP groups during authentication. This configuration enables authentication calls to retrieve user group and role details in addition to user information. 

For more information about LDAP authentication in Remedy SSO, see  LDAP authentication process Open link .

To configure LDAP group retrieval in the console

  1. From the console, access the Realm tab.
  2. Click on your realm ID.
  3. Click Authentication.
  4. From the Authentication Type list, choose LDAP.
  5. Select Enable Group Retrieval.

  6. In the following optional fields, provide group retrieval details:

    FieldDescription
    Base DN for group search

    Provide the starting location within the LDAP directory for performing group searches. The search DNs should be as specific as possible for performance reasons. The depth of the search that is performed can be configured. If an object search is specified, then the Base DN should be the DN of the node containing the groups. If no value is specified, the base DN for the user search value is used.

    Example: CN=Groups,DC=004331dc,DC=local

    Group Filter

    Provide the filter expression to determine additional group memberships beyond primary groups (nested groups).

    Default: (&(objectClass=group)(CN={})) This default works for Active Directory and OpenLDAP group retrieval. If you are using a different directory service, use the filter for that service.

  7. Click Save.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Last modified by Shweta Hardikar on Sep 29, 2017
authentication ldap groups rsso

Comments

  1. Stan Hardter

    For the group filter, the RSSO docs say to use: (&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$DN$))

    In my case, where we use a lot of nested groups, this worked much better.

    Aug 01, 2017 11:33
    1. Shweta Hardikar

      Hi Stan,

      I checked the RSSO docs and this filter expression works for RSSO 9.1.03 and later. This release of BAO doesn't support RSSO 9.1.03 yet. 

      Thanks!

      Sep 29, 2017 05:29

Log in or register to comment.

Working with realms
Managing users, roles, and permissions
© Copyright 2016-2017 BMC Software, Inc.
© Copyright 2016-2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.