Security updates for SP1
Version 8.3 SP1 includes the following security-related updates:
- Domain authentication enhancement to correlate users
- Support for LDAP servers for LDAP user sync
- LDAP authentication with short user names
Domain authentication enhancement to correlate users
LDAP user synchronization in BMC Server Automation has been enhanced to allow domain authentication to first match the userName before matching userName@domainName. Domain authentication can now correlate users from the RBAC users table.
In addition, a new BLCLI command, the syncUsersWithNameSuffix command in the RBACRole namespace, enables you to specify the user name suffix to append to RBAC users during synchronization. This enables you to override the default @domainName with some other suffix (for example, @differentDomainName or @dnsName).
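The lookup order and suffix override described above, as an added example: a simplified Python model, not BMC Server Automation code and not BLCLI syntax. The function names, the sample user names and the exact, case-sensitive string comparison are assumptions made for illustration.

```python
# Added illustration: a simplified model of the name matching described in
# this section. Not product code; all names below are hypothetical.
# Assumption: RBAC user names are compared as exact, case-sensitive strings.


def synced_name(user_name, domain_name, suffix=None):
    """Name given to an RBAC user at sync time: the default @domainName
    suffix, or an override suffix such as "@dnsName"."""
    return user_name + (suffix if suffix is not None else "@" + domain_name)


def correlate(user_name, domain_name, rbac_users):
    """Lookup order from the release note: the bare userName first, then
    userName@domainName. Returns the matched RBAC name, or None."""
    for candidate in (user_name, user_name + "@" + domain_name):
        if candidate in rbac_users:
            return candidate
    return None


def overlapping_names(rbac_users, domain_name):
    """Bare names that also exist in userName@domainName form. With the
    lookup order above, a domain login for such a name correlates to the
    bare entry, so the role assignments of both entries should agree."""
    tail = "@" + domain_name
    return sorted(
        name[: -len(tail)]
        for name in rbac_users
        if name.endswith(tail) and name[: -len(tail)] in rbac_users
    )


# Constructed sample data, not taken from any real RBAC users table.
RBAC_USERS = {"alice", "alice@CORP.EXAMPLE", "bob@CORP.EXAMPLE"}

if __name__ == "__main__":
    for login in ("alice", "bob", "dave"):
        print(login, "->", correlate(login, "CORP.EXAMPLE", RBAC_USERS))
    print("overlaps:", overlapping_names(RBAC_USERS, "CORP.EXAMPLE"))
    print("override:", synced_name("carol", "CORP.EXAMPLE", "@dns.example"))
```

Running an overlap check of this kind against an export of RBAC user names after a synchronization shows which logins resolve to a bare-name account rather than the suffixed one.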
Support for LDAP servers for LDAP user sync
BMC Server Automation version 8.3 SP1 supports user synchronization with LDAP servers, in addition to Active Directory servers. This was accomplished by adding support for all authentication types during user synchronization through the BLCLI, so that the synchronized RBAC users are enabled for any authentication type that you choose and are not limited to domain authentication or ADK authentication.
A new version of the syncUsers BLCLI command now accepts the role name and authentication type as command input.
LDAP authentication with short user names
BMC Server Automation administrators can now use LDAP authentication without forcing users to have direct knowledge of their full distinguished name in LDAP. During configuration of LDAP authentication, new LDAP settings in the Application Server Administration console (the blasadmin utility) enable the administrator to link any user’s full distinguished name with a shorter, simpler alias of the name. During authentication, the user can then enter the simple user name, and BMC Server Automation automatically determines the corresponding full distinguished name for use in the LDAP authentication.