Configuring LDAP for Remedy Smart Reporting authentication
Remedy Smart Reporting has two methods of authentication from the Admin Console:
- Remedy Smart Reporting authentication—The user's credentials (user ID and password) are stored in Remedy Smart Reporting and checked to authenticate a user logging in to the system.
- LDAP authentication—Remedy Smart Reporting references an external directory (LDAP) or database to perform the authentication. A user enters their user ID and password (or it is passed by single sign-on) and Remedy Smart Reporting authenticates the details against those in the LDAP directory.
With LDAP authentication, Remedy Smart Reporting access can be simply and quickly controlled externally and organization-wide. Users can use their existing intranet password for Remedy Smart Reporting, and reports can be given access restrictions that include or exclude users in specific LDAP groups. Because Remedy Smart Reporting must authenticate via the directory for every login request, removal or lockout of the user in the LDAP directory automatically flows to Remedy Smart Reporting, minimizing the manual effort of managing users.
To prepare to use LDAP
- Create a Remedy Smart Reporting user (or specify an existing user) within the LDAP directory to allow Remedy Smart Reporting to connect and search for users and groups.
- Create a Remedy Smart Reporting user group within the LDAP directory (or specify one). The group is used to determine which users have access to Remedy Smart Reporting.
- Ensure network connectivity between the Remedy Smart Reporting server and the LDAP server.
- Define the default Remedy Smart Reporting role for LDAP users:
  - Navigate to Administration > General > Role Management.
  - Select the role you want to make the default.
  - Select the Default Role box.
  - Click Save.
To configure Remedy Smart Reporting to use LDAP
To provision users from the LDAP directory and to use LDAP authentication, define the required attributes on the Configuration page. For more information, see Configuration in the Yellowfin documentation.
The following table lists the required attributes.
Property | Description | Parameter |
---|---|---|
LDAP Host | LDAP server host name or IP address | 192.168.4.241 |
LDAP Port | TCP/IP port that the LDAP server is listening on | 389 |
Encryption | The encryption method implemented by the LDAP server. The options are: None, TLS, and SSL. | |
LDAP Base Distinguishing Name (DN) | The LDAP node that all users and groups are contained within. | cn=Users,dc=i4,dc=local |
LDAP (Remedy Smart Reporting User) Group | LDAP Group Name that identifies which users can log in to Remedy Smart Reporting. This group exists in the LDAP directory, not Remedy Smart Reporting. Only members of this group can log in to Remedy Smart Reporting. | CN=Remedy Smart Reporting Users,CN=Users,DC=i4,DC=local |
LDAP Bind User | The LDAP user that the Remedy Smart Reporting application uses to connect to the LDAP directory for search access. The user must have rights to search the LDAP directory. | cn=Administrator,cn=Users,dc=i4,dc=local |
LDAP Bind Password | The LDAP password required for the Remedy Smart Reporting application to connect to the LDAP directory that is associated with the LDAP Bind User. | ********* |
LDAP Search Attribute | A unique user name field that LDAP users use to log in to Remedy Smart Reporting. | employeeID |
LDAP First Name Attribute | Attribute that maps to the First Name attribute of the user within the LDAP directory. With this attribute, Remedy Smart Reporting can match the user to a name and create an internal user account. | givenName |
LDAP Surname Attribute | Attribute that maps to the surname attribute of the user within the LDAP directory. With this attribute, Remedy Smart Reporting can match the user to a name and create an internal user account. | lastName |
LDAP Email Attribute | Attribute that maps to the email address attribute of the user within the LDAP directory. With this attribute, Remedy Smart Reporting can match the user to an email address for broadcast reports. | userPrincipalName |
LDAP Role Attribute | Attribute that maps to a Remedy Smart Reporting Role to be assigned to the user instead of the default role. See RoleCode in the OrgRole table. | Writer |
LDAP Group Filtering Criteria | Criteria used to filter a list of LDAP groups. Only groups returned in the filtered list are passed to Remedy Smart Reporting. | |
Ordering | The order in which internal authentication is performed. The options are LDAP Authentication First and Internal Authentication First. | LDAP Authentication First |
After the attributes are defined, Remedy Smart Reporting automatically provisions users as they attempt to log in to Remedy Smart Reporting for the first time.
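A pre-save check of the values in the table above, as an added example (not BMC or Yellowfin code): it parses the three DNs, flags mistyped components and entries that sit outside the base DN, and reports the weaker Encryption and bind-user choices. The dictionary keys are shortened forms of the property names, and `KNOWN_RDN_TYPES`, the port 636 convention for LDAPS, and the sample values are assumptions of this example.

```python
import re

# Attribute types commonly seen in directory DNs (assumed list; extend for your schema).
KNOWN_RDN_TYPES = {"cn", "ou", "dc", "o", "uid", "l", "st", "c"}


def parse_dn(dn):
    """Split a DN into normalized (type, value) pairs, honouring escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        rdn_type, sep, value = part.partition("=")
        if not sep or not rdn_type.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((rdn_type.strip().lower(), value.strip().lower()))
    return rdns


def lint_ldap_settings(cfg):
    """Return a list of findings for a dict keyed by (shortened) property names."""
    findings = []
    base = parse_dn(cfg["LDAP Base DN"])
    for key in ("LDAP Base DN", "LDAP Group", "LDAP Bind User"):
        rdns = parse_dn(cfg[key])
        unknown = sorted({t for t, _ in rdns if t not in KNOWN_RDN_TYPES})
        if unknown:
            findings.append(f"{key}: unknown RDN type(s) {unknown}")
        # The base DN is the node that contains all users and groups.
        if key != "LDAP Base DN" and rdns[-len(base):] != base:
            findings.append(f"{key}: not located under the base DN")
    enc, port = cfg["Encryption"].upper(), int(cfg["LDAP Port"])
    if enc == "NONE":
        findings.append("Encryption: None sends bind and user passwords in cleartext")
    elif enc == "SSL" and port == 389:
        findings.append("LDAP Port: 389 with SSL; LDAPS normally listens on 636")
    if parse_dn(cfg["LDAP Bind User"])[0][1] == "administrator":
        findings.append("LDAP Bind User: use a dedicated account with search rights only")
    return findings


# Constructed sample: the table's example values, Encryption set to None and
# the group DN carrying a deliberately mistyped CD= component.
SAMPLE = {
    "LDAP Port": "389",
    "Encryption": "None",
    "LDAP Base DN": "cn=Users,dc=i4,dc=local",
    "LDAP Group": "CN=Remedy Smart Reporting Users,CN=Users, CD=i4,CD=local",
    "LDAP Bind User": "cn=Administrator,cn=Users,dc=i4,dc=local",
}

if __name__ == "__main__":
    print("\n".join(lint_ldap_settings(SAMPLE)))
```
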
Remedy Smart Reporting Security and LDAP
After LDAP authentication is enabled, the Group Management screens include a new group option called LDAP. Groups from the LDAP directory are used as normal Remedy Smart Reporting groups. You can also create Remedy Smart Reporting Groups based on a variety of sources including mixtures of LDAP and Remedy Smart Reporting groups, where LDAP groups can be included or excluded in the new group. To create this type of group:
- Open the Add LDAP Group drop-down list.
- Select the group to be used to create members.
- Click Add to add the LDAP Group members into the Remedy Smart Reporting group.