Configuring the Authentication Server to refresh LDAP session credentials
BMC BladeLogic Decision Support for Server Automation relies on the ability to refresh session credentials when executing scheduled jobs. This allows you to run reports that recur over long periods of time without re-authenticating.
When refreshing session credentials, the Authentication Service validates the user account on the directory server. The account must exist and be enabled for logging on.
User account attributes that indicate whether an account has been disabled or locked differ across directory servers. The Authentication Service relies on the user validation filter (see Using user validation filters) to specify how to validate account attributes. If a custom user validation filter is not defined, the Authentication Service can only verify that the user account has not been deleted.
To refresh session credentials, the Authentication Service might need to authenticate itself to the directory server. If authentication is required, you must define a default LDAP user name and password.
To configure an Authentication Server to refresh LDAP session credentials
- On the Authentication Server, start the Application Server Administration console (that is, the blasadmin utility).
- Provide a default LDAP user name and password that can be used to log on when refreshing session credentials by entering the following commands:
    set Ldap DefaultUser <name>
    set Ldap DefaultPassword <password>
- To validate that users can log on using LDAP, enter the following command:
    set AuthServer LDAPUserValidationFilter <filter>
  where <filter> is a validation filter used to validate users for a particular LDAP schema. For more information about user validation filters and examples of typical filters for common LDAP directories, see Using user validation filters.
- Restart the Authentication Server.