Configuring LDAP group retrieval during authentication
You can set up your LDAP configuration in Remedy Single Sign-On to retrieve LDAP groups during authentication. This configuration enables authentication calls to retrieve user group and role details in addition to user information.
For more information about LDAP authentication in Remedy SSO, see LDAP authentication process.
To configure LDAP group retrieval in the console
- From the console, access the Realm tab.
- Click on your realm ID.
- Click Authentication.
- From the Authentication Type list, choose LDAP.
- Select Enable Group Retrieval.
In the following optional fields, provide group retrieval details:
| Field | Description |
| --- | --- |
| Base DN for group search | Provide the starting location within the LDAP directory for performing group searches. The search DNs should be as specific as possible for performance reasons. The depth of the search that is performed can be configured. If an object search is specified, then the Base DN should be the DN of the node containing the groups. If no value is specified, the base DN for the user search value is used. Example: CN=Groups,DC=004331dc,DC=local |
| Group Filter | Provide the filter expression to determine additional group memberships beyond primary groups (nested groups). Default: (&(objectClass=group)(CN={})). This default works for Active Directory and OpenLDAP group retrieval. If you are using a different directory service, use the filter for that service. |
- Click Save.