Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

LDAP considerations


If you choose LDAP authentication, during the product installation you provide the connection information that the product needs to verify the users.

During the installation, you are prompted for the following LDAP information:

  • The LDAP user that is the BMC Dashboards for BSM administrator, which requires the LDAP server name, the identifying LDAP attribute, the user name and password of the administrator user, and the relative distinguished name for the location of the administrator user (for an attribute other than sAMAccountName) or the domain name (for sAMAccountName). If the administrator user is in a “well known” location within the LDAP directory structure, the product can discover it for you. Or, if you know the relative distinguished name, you can manually enter it.
  • (Optional) The sAMAccountName or the distinguished name for the LDAP access user (if the user that you are specifying to be the BMC Dashboards for BSM administrator does not have the permissions required for accessing the LDAP server).

Specifying the LDAP distinguished name and relative distinguished name

During installation, you must specify the information necessary to access the LDAP server and discover the LDAP users. You may be required to enter the LDAP distinguished name, the LDAP relative distinguished name, or both. To verify the LDAP entries that you specify during the installation, use an LDAP browser (for example, Active Directory Users and Computers if you are installing on Windows). You might need to consult your LDAP administrator for the values appropriate for your system.

Specifying the LDAP distinguished name for the access user

If the user that you are specifying as the BMC Dashboards for BSM administrator does not have access permissions to the LDAP server, you must provide the distinguished name and password for an LDAP access user. The distinguished name consists of LDAP attributes specific to the user name entry: it is a series of concatenated LDAP attributes, for example, cn (common name), ou (organizational unit), and o (organization).

The following figure shows a sample LDAP directory structure within Windows Active Directory. To provide the distinguished name for bsmuser, you would specify the following: cn=bsmuser,cn=Users,dc=bsmdsl,dc=bmc,dc=com.

Sample_LDAP_dir_structure.jpg

Specifying the LDAP relative distinguished name

If you know the LDAP relative distinguished name, you can enter it. Or, if the user is in a “well known” location within the LDAP directory structure, you can allow the installation program to discover it.

When you allow the installation utility to discover the user, the installation utility searches in the following “well known” locations for the relative distinguished name, using the connection information that you provide during the installation:

  • OU=Domain Users,OU=Security
  • CN=Users
  • OU=People

If the user does not reside in one of those locations, you must specify the relative distinguished name yourself. Use the LDAP naming convention, which orders components from right to left, delimited by commas, for example, ou=people,dc=mycompany,dc=com. The space between the attributes does not matter.

Using the sample LDAP directory below, if you were to specify userbranch10 as the LDAP user, you would use the following relative distinguished name: ou=Branch10,ou=All Branches,dc=bsmdsl,dc=bmc,dc=com.

Sample_LDAP_directory.jpg
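The following Python sketch is an added example, not BMC code or part of the installer. It normalizes a distinguished name before you enter it, derives the user's location (what this page calls the relative distinguished name), and checks that location against the three "well known" locations listed above. It assumes those locations sit directly under the domain root (the dc= components); the cn=userbranch10 and Smith DNs used to exercise it are constructed.

```python
# Added example, not BMC code. WELL_KNOWN holds the three locations listed above.
WELL_KNOWN = ["OU=Domain Users,OU=Security", "CN=Users", "OU=People"]

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character, e.g. "\,"
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                         # unescaped comma ends a component
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def join_dn(pairs):
    return ",".join(f"{a}={v}" for a, v in pairs)

def normalize(dn):
    """Canonical form: no spaces around components, lower-case attribute names."""
    return join_dn(split_dn(dn))

def location_of(user_dn):
    """Container of the user entry: what this page calls the relative distinguished name."""
    pairs = split_dn(user_dn)
    if len(pairs) < 2:
        raise ValueError("a user DN needs the user entry plus its location")
    return join_dn(pairs[1:])

def discoverable(user_dn):
    """Assumption: well-known locations sit directly under the domain root (dc=...)."""
    above_dc = [(a, v.lower()) for a, v in split_dn(user_dn)[1:] if a != "dc"]
    return any(above_dc == [(a, v.lower()) for a, v in split_dn(loc)]
               for loc in WELL_KNOWN)

if __name__ == "__main__":
    dn = "cn=bsmuser,cn=Users, dc=bsmdsl,dc=bmc,dc=com"   # sample DN from this page
    print(normalize(dn), location_of(dn), discoverable(dn))
```

A user whose location is reported as not discoverable is one for which the relative distinguished name must be entered manually.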

 

BMC Dashboards for Business Service Management 7.7.00