Unsupported content

This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Integrating BMC Cloud Lifecycle Management with LDAP/Active Directory


This topic describes how to integrate BMC Cloud Lifecycle Management with a Lightweight Directory Access Protocol (LDAP) directory, such as Microsoft Active Directory, for user authentication. It assumes that the BMC Remedy Action Request System (AR System) server is installed with the AREA LDAP plug-in, and that you have the BMC Remedy User tool installed and AR System Administrator privileges.


Overview

LDAP provides a standard method for accessing information from a central directory. A common use for LDAP is user authentication. AR System provides the following LDAP plug-ins:

  • AR System Database Connectivity (ARDBC) LDAP - Accesses data objects stored in a directory service as if they were entries stored in a typical AR System form.
  • AR External Authentication (AREA) LDAP - Authenticates AR System users against external LDAP directory services.

This topic describes how to configure BMC Cloud Lifecycle Management to use the AREA LDAP plug-in to authenticate its users against the directory.

Before you begin

Before you begin, collect the following values from the directory administrator; you enter them in the AR System configuration forms.

AREA LDAP Config Attribute: Description

Host Name
    The host name (or IP address) of the system on which the directory service is hosted.

Bind-User
    The distinguished name (DN) of the account that the AREA LDAP plug-in binds with to find the user object using the User Search Filter. This account only needs read access to the user and group entries; do not use a directory administrator account. (Active Directory also accepts the DOMAIN\user logon name for a simple bind, as the example configuration later in this topic shows.)

Bind-Password
    The password of the Bind-User account.

Port Number
    The port number on which the directory service is listening (by convention 389 for LDAP and 636 for LDAP over SSL).

Use Secure Socket Layer
    Establishes a secure socket layer (SSL) connection to the directory service. The values are T (true) and F (false). If you use LDAP over SSL, you must also specify the directory of the certificate database used to establish the connection. Without SSL, the bind password and every user's password are sent to the directory in clear text.

Certificate Database
    The directory that contains the cert8.db and key3.db certificate database files. If the directory is not specified, the LDAP plug-in looks for these files under the AR System installation directory. This path is used only when Use Secure Socket Layer is set to T (true).

Failover time out
    The number of seconds (AREA-LDAP-Connect-Timeout) that the plug-in waits to establish a connection with the directory service. The minimum value is 0, in which case the connection must be immediate. The maximum value is the External-Authentication-RPC-Timeout setting. If this setting is not specified, it defaults to the value of External-Authentication-RPC-Timeout (by default, 30 seconds).

Chase Referrals
    Enables automatic referral chasing by the LDAP client. The options are T (true) and F (false). By default, referrals are not chased (F). This option applies to Microsoft Active Directory only.

User Base
    The base DN from which the plug-in searches for users in the directory service (for example, o=remedy.com, or dc=prod,dc=abc,dc=lan for an Active Directory domain).

User Search Filter
    The LDAP search filter used to locate the user in the directory, starting from the base that the AREA-LDAP-User-Base option specifies. The following keywords are replaced with runtime values when the filter is evaluated. Note that the backslash (\) is required.

  • $\USER$ - The user's login name.
  • $\AUTHSTRING$ - The value that the user enters into the Authentication String field at login.
  • $\NETWORKADDR$ - The IP address of the AR System client accessing the AR System server.

Group
    Enables retrieval of group information from the LDAP server (the base of the group search). If this parameter is not set, the group information from the AR System Group form is used.

Group Search Filter
    The LDAP search filter used to locate the groups to which the user belongs. The same substitution keywords as for the User Search Filter are available.

Default Group
    The groups to which a user belongs if no group information is available from the directory service. Separate multiple groups with semicolons. Every externally authenticated user without directory group information receives these groups, so keep them minimal.

To configure LDAP Information in the LDAP Configuration form

  1. From your browser, use the BMC Remedy Mid Tier URL to log on to the AR System server (in this example, clm-itsm) with the Demo credentials (for example, user Demo with no password). The Demo account with no password is an installation default; set a password for it, or disable it, on any server that users can reach.
    The IT Home page is displayed for the Demo user.

  2. From the list of applications on the IT Home page, select Applications > AR System Administration > AR System Administration Console.
    This link is only available for Administrator users.

  3. Expand the Navigation options on the left and select System > LDAP > AREA configuration.

    The AREA LDAP configuration form is displayed. 
  4. Scroll down to the Configuration Detail section and provide the information related to LDAP. The following settings reflect an example implementation against an Active Directory domain:

     Attribute: Value
     Server: 10.6.10.13
     Port: 389
     Bind User: Production\ARAdmin
     Bind Password: Password for the bind user
     Domain Component: dc=prod,dc=abc,dc=lan
     User Search Filter: sAMAccountName=$\USER$
     Use SSL: No
     Chase Referral: No
     Group Membership: None

     Production\ARAdmin is an Active Directory down-level logon name; Active Directory accepts it for a simple bind, but other directory servers require the full DN of the bind account. Because the example uses plain LDAP on port 389, the bind password and each user's password cross the network unencrypted; for anything beyond a lab, set Use SSL to Yes (the directory's LDAPS port, usually 636) and supply the certificate database directory. The filter sAMAccountName=$\USER$ matches every account in the domain; restrict it (for example, to members of a particular group) if only some directory users should be able to log on.

  5. Click Save Current Configuration to save the information to the AR System server. The current configuration is displayed in the Configuration List table.
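As an added example (not code from the BMC page or product), the following Python script shows what the User Search Filter keywords described under "Before you begin" expand to, why the substituted values need RFC 4515 escaping, and how to reproduce the plug-in's bind and user lookup with ldapsearch so that the values in the table above can be checked before you save them. The escaping routine illustrates the standard rule; how the plug-in itself performs the substitution is not shown on the page. The hardened configuration, its service-account DN and the group name CLM Users are assumptions made for illustration.

```python
"""Added example (not part of the BMC page or product): expand an AREA LDAP
User Search Filter template the way the $\\USER$ / $\\AUTHSTRING$ /
$\\NETWORKADDR$ keywords describe, escape the substituted values, and build
an ldapsearch(1) command that reproduces the plug-in's user lookup so the
settings can be verified before they are saved.  How the plug-in itself
performs the substitution is not shown on the page; the escaping below is
the standard RFC 4515 rule, applied here as an illustration."""

import shlex

# Keyword -> name of the runtime value it stands for (from the page).
KEYWORDS = {
    "$\\USER$": "user",
    "$\\AUTHSTRING$": "authstring",
    "$\\NETWORKADDR$": "networkaddr",
}

# Example configuration values from the page's table (plain LDAP on 389).
PAGE_CONFIG = {
    "host": "10.6.10.13",
    "port": 389,
    "bind_user": "Production\\ARAdmin",
    "user_base": "dc=prod,dc=abc,dc=lan",
    "user_filter": "sAMAccountName=$\\USER$",
    "use_ssl": False,
}

# Hardened variant (assumed names, not from the page): LDAPS, a dedicated
# read-only service account identified by DN, and a filter that only matches
# members of one directory group instead of every account under the base.
HARDENED_CONFIG = {
    "host": "10.6.10.13",
    "port": 636,
    "bind_user": "cn=svc-aradmin,ou=Service Accounts,dc=prod,dc=abc,dc=lan",
    "user_base": "dc=prod,dc=abc,dc=lan",
    "user_filter": "(&(sAMAccountName=$\\USER$)"
                   "(memberOf=cn=CLM Users,ou=Groups,dc=prod,dc=abc,dc=lan))",
    "use_ssl": True,
}


def escape_filter_value(value: str) -> str:
    """Escape a runtime value for inclusion in an LDAP filter (RFC 4515 section 3).

    Without this, a login name such as  *)(objectClass=*  would change the
    meaning of the filter instead of being looked up as a literal name.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def expand_filter(template: str, user: str, authstring: str = "",
                  networkaddr: str = "") -> str:
    """Substitute the keywords into the template with escaped values."""
    values = {"user": user, "authstring": authstring, "networkaddr": networkaddr}
    result = template
    for keyword, name in KEYWORDS.items():
        result = result.replace(keyword, escape_filter_value(values[name]))
    # The page writes the filter without outer parentheses; ldapsearch wants them.
    return result if result.startswith("(") else "(" + result + ")"


def ldapsearch_command(cfg: dict, login: str) -> str:
    """Command line that performs the same bind and user search as the plug-in."""
    url = "%s://%s:%d" % ("ldaps" if cfg["use_ssl"] else "ldap", cfg["host"], cfg["port"])
    argv = ["ldapsearch", "-x", "-H", url, "-D", cfg["bind_user"], "-W",
            "-b", cfg["user_base"], "-s", "sub", expand_filter(cfg["user_filter"], login),
            "dn", "sAMAccountName", "memberOf"]   # memberOf is Active Directory specific
    return " ".join(shlex.quote(a) for a in argv)


def config_warnings(cfg: dict) -> list:
    """Review a configuration for the weaknesses a practitioner would flag."""
    warnings = []
    if not cfg["use_ssl"]:
        warnings.append("Use SSL is F: bind password and user passwords cross the network in clear text")
    if not cfg["bind_user"].lower().startswith(("cn=", "uid=")):
        warnings.append("Bind-User is not a DN; the DOMAIN\\user form works only against Active Directory")
    if "(&" not in cfg["user_filter"]:      # heuristic: no conjunction means no scoping clause
        warnings.append("User Search Filter matches every account under the base; add a group or OU condition")
    return warnings


if __name__ == "__main__":
    print(ldapsearch_command(PAGE_CONFIG, "jdoe"))
    for w in config_warnings(PAGE_CONFIG):
        print("WARNING:", w)
    print(ldapsearch_command(HARDENED_CONFIG, "jdoe"))
```

Run it to print the ldapsearch command for the example configuration (the command prompts for the bind password with -W; the script itself sends nothing over the network) together with the warnings the example settings trigger. Paste the command on a host with the OpenLDAP client tools to confirm that the bind account can authenticate and that the filter returns exactly one entry for a known login before saving the configuration.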


To configure AR System server to use LDAP to authenticate

After providing the LDAP information in the LDAP configuration form, the AR System server needs to be configured to work with the AREA LDAP plug-in for authentication, as described in the following steps.

  1. From the IT Home Page, select AR System Administration Console > Server Information.
  2. Navigate to the EA tab.
  3. Set External Authentication Server RPC Program Number to 390695.
  4. Set External Authentication Server Timeout (Seconds) as follows:
    • RPC: 90
    • Need to Sync: 300
  5. Select Authenticate Unregistered Users and Cross Reference Blank Password.
    • When Authenticate Unregistered Users is selected, AR System first looks for the user in the User form. If the user exists there, AR System authenticates through that form. If the user does not exist in the User form, AR System authenticates through the AREA plug-in. This means that any directory account matched by the User Search Filter can log on, with the permissions granted by the Default Group setting, so scope the filter and the default groups accordingly.
    • When Cross Reference Blank Password is selected, AR System authenticates users whose Password field in the User form is blank through AREA LDAP. For this to work, make sure that the user's password is set in the directory and that no password is set on the User form in AR System. If the user then provides the directory password when logging in, the user is authenticated. (If the user does not enter a password, the login attempt is rejected.)
  6. Set Authentication Chaining Mode to ARS-AREA, which instructs the server to authenticate the user by using the User form and then the AREA plug-in. The other Authentication Chaining Mode options are:
    1. AREA-ARS - AR System attempts to authenticate the user by using the AREA plug-in and then the User form.
    2. ARS-OS-AREA - AR System attempts to authenticate the user by using the User form, then Windows or UNIX authentication, and then the AREA plug-in.
    3. ARS-AREA-OS - AR System attempts to authenticate the user by using the User form, then the AREA plug-in, and then Windows or UNIX authentication.
    4. Off - Disables authentication chaining.
  7. Restart the AR System server for the changes to take effect.
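The following Python model, added here and not taken from BMC code, traces which authenticator decides a login under the settings in steps 5 and 6. It uses a constructed User form (a Demo entry with a local password and a jdoe entry with a blank password), a constructed directory containing jdoe and an unregistered user asmith, and the chaining modes listed above. It follows the behaviour the page describes; the server's internal implementation is not shown on the page and is not reproduced. OS authentication is left unmodelled, and treating a blank User form password as unusable when Cross Reference Blank Password is off is an assumption.

```python
"""Added example (not BMC code): a model of the login decision that the EA tab
settings produce, so the effect of Authentication Chaining Mode, Authenticate
Unregistered Users and Cross Reference Blank Password can be traced for a
given user.  It follows the behaviour the page describes; the server's real
implementation is not shown there and is not reproduced here.  OS
(Windows/UNIX) authentication is left unmodelled."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# Authenticators consulted, in order, per chaining mode.  With chaining Off the
# server still hands unregistered and blank-password users to AREA when the two
# check boxes are set, so AREA appears there as a conditional second step.
CHAIN_MODES = {
    "Off": ["ARS", "AREA"],
    "ARS-AREA": ["ARS", "AREA"],
    "AREA-ARS": ["AREA", "ARS"],
    "ARS-OS-AREA": ["ARS", "OS", "AREA"],
    "ARS-AREA-OS": ["ARS", "AREA", "OS"],
}


@dataclass
class EASettings:
    chaining_mode: str = "ARS-AREA"
    authenticate_unregistered: bool = True
    cross_reference_blank_password: bool = True


@dataclass
class UserFormEntry:
    password: Optional[str]  # None models a blank Password field on the User form


# Constructed sample stores (not from the page): the AR System User form and
# the directory, keyed by login name / sAMAccountName.
USER_FORM = {"Demo": UserFormEntry("demo-local"), "jdoe": UserFormEntry(None)}
DIRECTORY = {"jdoe": "ldap-secret", "asmith": "ldap-secret2"}


def ars_step(settings, user_form, login, password) -> Optional[bool]:
    """User form check.  True/False is a verdict; None means 'not decided here'."""
    entry = user_form.get(login)
    if entry is None:
        return None                      # unregistered: the User form cannot decide
    if entry.password is None:
        if settings.cross_reference_blank_password:
            return None                  # blank local password: defer to AREA
        return False                     # assumption: blank password unusable when not cross-referenced
    return entry.password == password    # registered user with a local password


def area_step(settings, user_form, directory, login, password) -> bool:
    """AREA LDAP check as the page describes it."""
    if password == "":
        return False                     # page: empty password is rejected (also avoids an anonymous bind)
    if login not in user_form and not settings.authenticate_unregistered:
        return False                     # unregistered users are not allowed through AREA
    return directory.get(login) == password


def authenticate(settings, user_form, directory, login, password
                 ) -> Tuple[bool, Optional[str], List[Tuple[str, Optional[bool]]]]:
    """Walk the chain.  Returns (accepted, accepting step or None, per-step trace)."""
    trace = []
    for step in CHAIN_MODES[settings.chaining_mode]:
        if step == "AREA" and settings.chaining_mode == "Off" and trace and trace[-1][1] is not None:
            break                        # chaining Off: AREA only when the User form deferred
        if step == "ARS":
            verdict = ars_step(settings, user_form, login, password)
        elif step == "AREA":
            verdict = area_step(settings, user_form, directory, login, password)
        else:
            verdict = None               # OS authentication not modelled
        trace.append((step, verdict))
        if verdict:
            return True, step, trace
    return False, None, trace


if __name__ == "__main__":
    s = EASettings()
    for login, pw in [("jdoe", "ldap-secret"), ("jdoe", ""), ("asmith", "ldap-secret2"),
                      ("Demo", "demo-local"), ("Demo", "ldap-secret")]:
        print(login, repr(pw), authenticate(s, USER_FORM, DIRECTORY, login, pw))
```

With ARS-AREA, a registered user whose User form password matches is accepted by the User form and AREA is never consulted, which is why the page insists on leaving the Password field blank for directory users; with chaining Off, AREA is consulted only for unregistered or blank-password users, and a wrong local password ends the attempt.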

For more information, refer to the BMC Remedy Action Request System online technical documentation.

Related topics

The following link provides supplemental information available from a blog entry in BMC Cloud Lifecycle Management Communities:

Using AREA LDAP to simplify account authentication in BMC Cloud Lifecycle Management

