Configuring LDAP group retrieval during authentication


You can set up your LDAP configuration in Remedy Single Sign-On to retrieve LDAP groups during authentication. This configuration enables authentication calls to retrieve user group and role details in addition to user information. 

For more information about LDAP authentication in Remedy SSO, see LDAP authentication process.

To configure LDAP group retrieval in the console

  1. From the console, access the Realm tab.
  2. Click on your realm ID.
  3. Click Authentication.
  4. From the Authentication Type list, choose LDAP.
  5. Add LDAP bind information to facilitate logging on to the LDAP server. 
    1. In the Server Host field, specify the server host name as a fully qualified domain name (FQDN).
    2. From the Server Port list, select the appropriate port for the LDAP server.
    3. In the Bind DN field, type the distinguished name (DN) of an LDAP user. For example, CN=Administrator,CN=Users,DC=example,DC=com.
    4. In the Bind Password field, enter the password for the LDAP user specified in the Bind DN.
    5. In the Users Base DN field, specify the starting location within the LDAP directory for performing user searches. 
  6. Select Enable Group Retrieval.
  7. On the User Authentication tab, enter the following information:

     User Search Filter: Enter the LDAP query that searches for the user to be authenticated and, if the user is found, returns the user's distinguished name. For example, (&(objectClass=user)(sAMAccountName=$USER$)).

     Identity Attribute: Enter the attribute to be used as the user name. It is later provided as the user's name to the systems integrated with Remedy SSO. For example, sAMAccountName. This field is not displayed if you selected Use SASL.

  8. On the Group Support Authentication tab, enter the following information:

     Groups Base DN: Enter the base DN for the group search. If this is not specified, the Users Base DN is used.

     Group Name Attribute: Enter the attribute to be used as the group name. For example, cn.

     Groups of User Filter: Enter the LDAP query that returns the list of groups for a particular user. The user is specified by the $DN$ macro. For example, (&(objectCategory=group)(member=$DN$)). When the Enable Group Retrieval check box is selected, this is a required field.

  9. Click Save to save the LDAP configuration changes, and then click Save again to save the changes made to the realm.
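As an added illustration (not part of the BMC documentation or the Remedy SSO product code), the following Python sketches the two lookups this configuration drives: the User Search Filter with $USER$ expanded to the login name, then the Groups of User Filter with $DN$ expanded to the DN found in the first step. The directory contents and the entry names are constructed stand-ins, and the macro expansion applies RFC 4515 escaping so a login name containing filter metacharacters is matched as a literal value rather than changing the filter's structure.

```python
import re

# Filters exactly as entered in the console example above.
USER_SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=$USER$))"
GROUPS_OF_USER_FILTER = "(&(objectCategory=group)(member=$DN$))"
GROUP_NAME_ATTRIBUTE = "cn"

# Constructed stand-in for the directory: DN -> attributes (multi-valued lists).
DIRECTORY = {
    "CN=jdoe,CN=Users,DC=example,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["jdoe"]},
    "CN=Admins,CN=Users,DC=example,DC=com": {
        "objectCategory": ["group"], "cn": ["Admins"],
        "member": ["CN=jdoe,CN=Users,DC=example,DC=com"]},
    "CN=Auditors,CN=Users,DC=example,DC=com": {
        "objectCategory": ["group"], "cn": ["Auditors"],
        "member": ["CN=someone,CN=Users,DC=example,DC=com"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping for a value inside a filter assertion, so that
    '*', '(', ')', '\\' and NUL in a login name stay literal characters."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand_macro(template, macro, value):
    """Replace $USER$ or $DN$ in a console filter with an escaped value."""
    return template.replace(macro, escape_filter_value(value))

def _unescape(value):
    # Reverse the \xx escapes when comparing against stored attribute values.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter):
    """Evaluate an AND-of-equality filter such as (&(a=b)(c=d)) against DIRECTORY.
    Only the filter shape used on this page is modelled; matching is exact."""
    assertions = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return [dn for dn, attrs in DIRECTORY.items()
            if all(_unescape(v) in attrs.get(a, []) for a, v in assertions)]

def authenticate_lookup(login_name):
    """Step 1: resolve the user's DN; step 2: collect the user's group names."""
    users = search(expand_macro(USER_SEARCH_FILTER, "$USER$", login_name))
    if len(users) != 1:
        return None, []  # no unique match: treat as an authentication failure
    user_dn = users[0]
    groups = search(expand_macro(GROUPS_OF_USER_FILTER, "$DN$", user_dn))
    return user_dn, [DIRECTORY[g][GROUP_NAME_ATTRIBUTE][0] for g in groups]
```

A login name of "*" or "jdoe)(objectClass=*" resolves no user because the escaping keeps it a literal value; without the escaping the first would match every user entry.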
