Skip to Content
Information
Out of support This documentation supports the 8.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Creating a new LDAP data store

To use an external LDAP server as a data store, you either create a new data store or modify an existing data store to access the LDAP server.

To create a new LDAP store

  1. Navigate to Access Control > BmcRealm link > Data Stores.
  2. Click New.
  3. Enter the name for the new data store.
  4. Click the type of data store that you want to create.
    • Active Directory, Active Directory Application Mode (ADAM), Generic LDAPv3, and Sun DS are equivalent LDAP data store types.
    • The main difference between the data stores is the initial default data supplied for the data store configuration.
    • An AR Server data store is not an LDAP type. For information on creating and configuring an AR Server data store, see Using AR Server for authentication.
  5. Click Next.
     After the data store is created, you are routed to the data store configuration page where you can configure the attributes that the data store uses to access the LDAP server.
  6. In the LDAP Server field, select the current value and click Remove.
  7. Provide the LDAP server parameters.
     These parameters allow access to the LDAP server.
  8. Modify or verify LDAP user and group data attributes.
    1. In the LDAPv3 Plug-in Supported Types and Operations field, remove the existing entries and add the following entries:
      • user=read
      • group=read
    2. In the LDAP Users Search Filter field, verify that the search filter is applicable for the users within the LDAP server.
    3. If the default class specified is not used by user entries in the server, then searches will fail.
    4. In the LDAP Groups Container Value field, verify that the value is correct.
    5. In the LDAP User Attributes field, add or remove attributes as needed.
    6. Verify that the attributes reflect attributes that can be used with the user entries in the LDAP server . Note that the following internal attributes are also available for mapping:
      • Email: The user's email address
      • Phonenumber: The user's phone number
      • Address: The user's mailing address
      • Firstname: The first name of the user
      • Lastname: The last name of the user
      • Fullname: The full name of the user, usually including middle initial
    7. Remove attributes that are never used and those that are not needed for the mapping function.
  9. Click Save.

LDAP server configuration parameters

LDAP user data attributes

LDAP group data attributes

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Atrium Single Sign-On 8.0.00