Using an external LDAP user store
This topic describes the process and options available to a BMC Atrium Single Sign-On administrator when using an external Lightweight Directory Access Protocol (LDAP) server to provide group and attribute values for authenticated users. Users and groups cannot be managed from the BMC Atrium Single Sign-On server because the LDAP server access is read-only.
Configuring an external user store is primarily needed when access to group membership information is required. The LDAP authentication module can be used to retrieve user attributes without configuring an external user store. For more information, see Using-LDAP-Active-Directory-for-authentication.
An external LDAP server is used to augment the information available to BMC products. For more information about the configuration options available with the LDAP user store, see the OpenAM documentation.
To create an external LDAP user store
- Log on to the BMC Atrium SSO Admin Console.
- Click Edit BMC Realm.
- On the User Store panel, click Add and select LDAPv3 User Store.
- On the General tab, provide the LDAP server configuration parameters.
- On the Search tab, provide the user and group attributes used for searching.
- Click Save.
To modify an existing external LDAP user store
- Log on to the BMC Atrium SSO Admin Console.
- Click Edit BMC Realm.
- On the User Store panel, select the LDAPv3 user store and click Edit.
- On the General tab, modify your LDAP server configuration parameters.
- On the Search tab, modify your user and group attributes used for searching.
- Click Save.
LDAPv3 User Store parameters
The LDAPv3 user store uses Active Directory as the user store type. The General tab contains parameters for the LDAP server configuration. The Search tab contains parameters to search for user and group attributes.
General tab
Search tab