Configuring LDAP authentication

You can configure the BMC Helix SSO server to authenticate end users through the Lightweight Directory Access Protocol (LDAP). You can also configure LDAP authentication for external administrators; for details, see Configuring the BMC Helix SSO server.

BMC Helix SSO supports strong LDAP bind with Simple Authentication and Security Layer (SASL). In SASL, a challenge-response authentication protocol enables data exchange between the client and the server. Data exchange supports authentication and establishes a security layer for communications.

LDAP v3 also uses SASL for pluggable authentication. By using pluggable authentication, you can select an authentication mechanism that enables a strong bind. For example, a mechanism such as External with SSL and a client certificate establishes a strong bind. The mechanism gets the client certificate from the client (browser) and passes it to the BMC Helix SSO server. The client certificate is then used to create an SSL connection to the LDAP server.

BMC Helix SSO supports providing additional information about LDAP users and groups. The additional information can be used by an integrated application such as TrueSight Orchestration (formerly BMC Atrium Orchestrator) for administration and authorization.

Important

BMC Helix SSO does not follow LDAP referrals. 

Related topics

Roles and permissions



Troubleshooting authentication issues


Related blogs in BMC Communities

Single Sign-On LDAP authentication



Before you begin

  • Add a realm for LDAP authentication. For information about how to add a realm, see Adding and configuring realms.
  • You must have the LDAP server configured.
  • Obtain the following information from the LDAP administrator:

    • Host name of the LDAP server
    • Port number of the LDAP server
    • Distinguished name of the bind LDAP user
    • Password of the bind LDAP user
    • Starting location within the LDAP directory for performing user searches
    • User attribute on which search is performed
  1. (Optional) Click Test to verify the settings.
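An offline sanity check for the six values in the list above, together with the RFC 4515 escaping that a lookup on the user attribute needs. This is an added example, not BMC Helix SSO code; the function names, the `(attribute=login)` filter shape and the sample values are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute short name (for example uid) or numeric OID.
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+")
# One DN component: ordinary characters or backslash-escaped pairs, no bare comma.
_COMPONENT = re.compile(r"(?:\\.|[^\\,])+")
_RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*(?:\\.|[^\\,])+")

def escape_filter_value(value):
    """Escape a login ID so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(user_attr, login_id):
    """Equality filter for one user; the (attr=value) shape is an assumption."""
    if not _ATTR.fullmatch(user_attr):
        raise ValueError("invalid attribute name: %r" % user_attr)
    return "(%s=%s)" % (user_attr, escape_filter_value(login_id))

def dn_is_well_formed(dn):
    """Structural check only: type=value components separated by commas."""
    parts = _COMPONENT.findall(dn)
    return bool(parts) and ",".join(parts) == dn and all(_RDN.fullmatch(p) for p in parts)

def check_settings(host, port, bind_dn, bind_password, base_dn, user_attr):
    """Return a list of problems in the six values; an empty list means none found."""
    problems = []
    if not host or re.search(r"\s|://", host):
        problems.append("host: expected a bare host name, no scheme or spaces")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("port: expected an integer from 1 to 65535")
    if not dn_is_well_formed(bind_dn):
        problems.append("bind DN: not a well-formed distinguished name")
    if not bind_password:
        # RFC 4513 5.1.2: a DN with an empty password is an unauthenticated bind.
        problems.append("bind password: empty, the bind would be unauthenticated")
    if not dn_is_well_formed(base_dn):
        problems.append("search base: not a well-formed distinguished name")
    if not _ATTR.fullmatch(user_attr):
        problems.append("user attribute: expected an attribute name or OID")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(check_settings("ldap.example.com", 636, "cn=svc-sso,ou=Services,dc=example,dc=com",
                         "placeholder", "ou=People,dc=example,dc=com", "uid"))
    print(user_filter("uid", "jdoe*)(uid=*"))
```

A clean result means only that the values are well formed; the Test button in the realm configuration is what confirms that the LDAP server accepts them.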

Related video

Watch the video on how to configure LDAP in BMC Helix SSO.
 https://www.youtube.com/watch?v=ClbpS_acLuQ?rel=0


Where to go from here

To enable authentication chaining mode for the realm, see Enabling authentication chaining mode.

To enable AR for bypassing authentication, see Enabling AR authentication for bypassing other authentication methods.

To transform the User ID value, see Transforming userID to match login ID.
