Enabling LDAP authentication
After the LDAP module is configured, specify that the LDAP module is to be used for authentication. This task involves specifying LDAP Chain as the organizational choice for authentication.
Before you begin
If you enabled SSL Access to LDAP Server on the LDAP module configuration page, import the certificates and restart the Tomcat server. See Using CA certificates for more information.
To enable LDAP authentication
- On the Authentication tab for the BmcRealm, click All Core Settings.
  A new page is displayed. At the top of this new page is a series of radio buttons. The buttons are used to select how the user profile is handled when a user is authenticated.
- In the User Profile field, click either Dynamic or Ignored.
  - Dynamic specifies that a local Single Sign-On user profile is created after a successful authentication, if it does not already exist.
  - Dynamic with User Alias specifies that a local Single Sign-On user profile and user alias are created for each successful authentication.
  - Ignored specifies that no local Single Sign-On user profile is created or required for authentication.
  - Required specifies that a local Single Sign-On user profile with the same user ID is required for authentication to be successful.
- Click Save.
- Click Back to Authentication.
- On the BmcRealm Authentication page, select LDAP Chain from the Organization Authentication Configuration drop-down menu.
- On the BmcRealm Authentication page, select LDAP Chain from the Administrator Authentication Configuration drop-down menu.
- Click Save.
Where to go from here
- In Administering, see managing users, user groups, and authentication modules.