This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments. Click here to view the documentation for a supported version of Remedy Single Sign-On.

Using an external LDAP user store


This topic describes the process and options available to a BMC Atrium Single Sign-On administrator when using an external Lightweight Directory Access Protocol (LDAP) server to provide group and attribute values for authenticated users. Users and groups cannot be managed from the BMC Atrium Single Sign-On server because the LDAP server access is read-only.

Configuring an external user store is primarily needed when access to group membership information is required. The LDAP authentication module can be used to retrieve user attributes without configuring an external user store. For more information, see Using-LDAP-Active-Directory-for-authentication.

An external LDAP server is used to augment the information available to BMC products. For more information about the configuration options available with the LDAP user store, see the OpenAM documentation.

To create an external LDAP user store

  1. Log on to the BMC Atrium SSO Admin Console.
  2. Click Edit BMC Realm.
  3. On the User Store panel, click Add and select LDAPv3 User Store.
  4. On the General tab, provide the LDAP server configuration parameters.
  5. On the Search tab, provide the user and group attributes used for searching.
  6. Click Save.

To modify an existing external LDAP user store

  1. Log on to the BMC Atrium SSO Admin Console.
  2. Click Edit BMC Realm.
  3. On the User Store panel, select the LDAPv3 user store and click Edit.
  4. On the General tab, modify your LDAP server configuration parameters.
  5. On the Search tab, modify your user and group attributes used for searching.
  6. Click Save.

Note

You do not need to restart the BMC Atrium Single Sign-On server after modifying the configuration. After saving the configuration, the changes are applied immediately.

LDAPv3 User Store parameters

The LDAPv3 user store uses Active Directory as the user store type. The General tab contains parameters for the LDAP server configuration. The Search tab contains parameters used to search for user and group attributes.

The expected LDAP structure for this membership should be expressed by an attribute that is part of either the user or the group entity. This attribute should contain the base DN of the other entity. For example, if you are adding an attribute to the user entity, the attribute must contain the DN of the group entity.

General tab

Screenshot: LDAP user store editor (General tab)

Search tab

Note

The user can configure multiple search criteria inside each search filter by using a standard LDAP query syntax and any logical operation.

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*
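The two points above, membership expressed as a DN-valued attribute on either the user or the group entry, and search filters built from standard LDAP filter syntax with logical operators and a trailing asterisk, are illustrated by the following added example. It is not BMC or OpenAM code: the directory is a constructed in-memory stand-in, and the attribute names (uid, memberOf, member) and DNs are assumed sample values.

```python
# Added example: resolve group membership in both directions and build a
# user search filter that escapes RFC 4515 special characters, so that a
# partial query such as "cert*" keeps its wildcard while other input cannot
# change the structure of the filter. All directory data is constructed.

# Constructed sample directory: DN -> attributes. alice's membership is stored
# on the user entry (memberOf); bob's is stored only on the group entry (member).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"]},
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"],
    },
    "cn=auditors,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=bob,ou=people,dc=example,dc=com"],
    },
}

# RFC 4515 escapes for characters that have meaning inside a filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str, allow_trailing_wildcard: bool = False) -> str:
    """Escape an assertion value; optionally keep one trailing '*' as a wildcard."""
    wildcard = allow_trailing_wildcard and value.endswith("*")
    core = value[:-1] if wildcard else value
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in core)
    return escaped + ("*" if wildcard else "")


def user_search_filter(login: str, user_attr: str = "uid",
                       objclass: str = "inetOrgPerson") -> str:
    """Combine two criteria with the AND operator, as a search filter would."""
    value = escape_filter_value(login, allow_trailing_wildcard=True)
    return f"(&(objectClass={objclass})({user_attr}={value}))"


def groups_of_user(user_dn: str, user_attr: str = "memberOf",
                   group_attr: str = "member") -> set:
    """Return group DNs for a user, reading the user-side and group-side attributes."""
    groups = set(DIRECTORY.get(user_dn, {}).get(user_attr, []))
    for dn, attrs in DIRECTORY.items():
        if user_dn in attrs.get(group_attr, []):
            groups.add(dn)
    return groups
```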