You can configure the BMC Real End User Experience Monitoring components to use your LDAP system to control user access. When logged on as a user with the Security or Administer role, you can configure LDAP for the BMC Application Management Console, the Real User Analyzer and Real User Collector, or all three, as described in the following sections. 

Users authorized to access the Console are also authorized to access the Analyzer when they access the Analyzer from the Console. You can also configure LDAP authentication for users who require direct access to the Analyzer or Collector. 

LDAP configuration options for the Application Management Console

You can choose from the following configuration options for the Console.

Option: Use LDAP for authentication only

Logon behavior:
  • When LDAP users log on, the LDAP server authenticates their user names, but they acquire roles assigned by the Administrator. The Administrator must create the user account in the Console.
  • If roles are not assigned, users log on with the Observer role.

Procedures to perform:
  1. Configuring LDAP authentication for the Console, steps 1–4.
  2. Adding a local account on the Console. You specify LDAP authentication and user roles when you create the account.

Option: Use LDAP for authentication and authorization

Logon behavior:
  • LDAP users can log on and are authenticated with credentials in the LDAP server.
  • If LDAP server groups are mapped to roles, users log on with mapped roles.
  • If groups are not mapped to roles, users log on with the Observer role, unless the Administrator assigns a specific role to the user.

Procedures to perform:
  1. Configuring LDAP authentication for the Console, steps 1–8.

    To have the system automatically create accounts the first time an LDAP user logs on, perform all the steps in this procedure.
  2. Mapping LDAP groups to user roles in the Console, which enables your users to log on with the system roles mapped to their user account.

LDAP configuration options for an Analyzer or a Collector

You can choose from the following configuration options for an Analyzer or for a Collector. 

Note

The LDAP configuration procedures for these components also apply to a Real User Monitor component.


Option: Use LDAP for authentication only

Logon behavior:
  • Users can log on and acquire roles assigned by the Administrator. The Administrator must create the user account in the Analyzer and Collector.
  • If roles are not assigned, and the automatic account-creation policy is enabled, users log on as Observers.

Procedures to perform:
  1. Adding an LDAP-managed account on an Analyzer or a Collector.
  2. Configuring LDAP authentication for an Analyzer or a Collector.

Option: Use LDAP for authentication and authorization

Logon behavior:
  • LDAP users can log on and are authenticated with credentials in the LDAP server.
  • If LDAP server groups are mapped to system roles, users log in with mapped system roles.
  • If groups are not mapped to roles, users log on with the catch-all role.

Procedures to perform:
  1. Configuring LDAP authentication for an Analyzer or a Collector.
  2. Configuring LDAP group lookup for an Analyzer or a Collector.
  3. Configuring role-mapping rules for an Analyzer or a Collector. This procedure also describes how to set up the catch-all role.

Related topics

Supported LDAP servers

Managing user accounts and permissions

Enabling BMC Atrium Single Sign-On (SSO) in the Console

Additional resources

Wikipedia: Lightweight Directory Access Protocol