Configuring LDAP group lookup


Unlike the hybrid approach (authentication only), in which users acquire Observer accounts, full LDAP (authentication and authorization) lets you assign different access levels to groups of users registered on the LDAP server. To get a list of valid LDAP groups from the LDAP server, configure authorization through LDAP.


To configure LDAP group lookup for the Analyzer

  1. On the Administration page of the Real User Analyzer, select General Settings > Accounts and LDAP management, and select the LDAP settings view.
  2. In the LDAP group lookup for authorization section, add information to enable Real User Analyzer to look up users that are registered on the LDAP server:

    1. In the Base DN box, enter the base distinguished name (DN) to indicate where you want to begin the search in the LDAP directory. An LDAP directory is arranged as a tree, with a root and branches off this root. The base DN indicates the node at which to start the search.
    2. In the Filter box, enter the query string that will return the records that you want to see.
    3. In the Filter Scope list, select the starting point of a search and the depth from the base DN to which the search should occur:
      • Subtree searches all entries at all levels under and including the specified base DN.
      • One Level searches all entries that are one level under the base DN (excludes the base DN).
      • Base searches only the entry at the base DN, resulting in only that entry being returned (if it also meets the search filter criteria).
    4. In the Group name attribute box, enter an LDAP group attribute that the group uses for the lookup, for example, cn. It can be any attribute configured on the LDAP server.
    5. In the Member attribute box, enter the name of the member attribute that contains the list of users in the group.
  3. (Optional) Click Test lookup.

    If the server and lookup are configured correctly, a list of LDAP groups appears in a new window.
  4. Click Save.

    The authenticated and authorized users acquire accounts that are associated with the roles mapped to their LDAP group.
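
The following is an added example, not BMC documentation or product code. It models how the Base DN, Filter, Filter Scope, Group name attribute and Member attribute settings select groups, using a small constructed directory; the DNs, group names and function names are assumptions. It shows that Subtree surfaces a group in a nested OU that One Level does not return, which is worth checking before mapping roles to the groups found.

```python
# Constructed sample directory (DN -> attributes); not taken from a real server.
DIRECTORY = {
    "ou=groups,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=euem-admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["euem-admins"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
    "cn=euem-operators,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["euem-operators"],
        "member": ["uid=bob,ou=people,dc=example,dc=com",
                   "uid=carol,ou=people,dc=example,dc=com"]},
    "ou=external,ou=groups,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=contractors,ou=external,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["contractors"],
        "member": ["uid=dave,ou=people,dc=example,dc=com"]},
}


def in_scope(dn, base_dn, scope):
    """Apply the Filter Scope setting. Simplification: DNs have no escaped commas."""
    dn, base_dn = dn.lower(), base_dn.lower()
    if scope == "base":        # only the entry at the base DN
        return dn == base_dn
    if scope == "one":         # direct children, base DN itself excluded
        return dn.partition(",")[2] == base_dn
    if scope == "subtree":     # base DN and everything beneath it
        return dn == base_dn or dn.endswith("," + base_dn)
    raise ValueError(f"unknown scope: {scope}")


def matches(attrs, ldap_filter):
    """Evaluate a single (attr=value) equality filter; real filters allow more."""
    attr, _, value = ldap_filter.strip("()").partition("=")
    return value.lower() in (v.lower() for v in attrs.get(attr, []))


def lookup_groups(base_dn, ldap_filter, scope, name_attr="cn", member_attr="member"):
    """Return {group name: [member DNs]} for entries the settings select."""
    groups = {}
    for dn, attrs in DIRECTORY.items():
        if in_scope(dn, base_dn, scope) and matches(attrs, ldap_filter):
            for name in attrs.get(name_attr, []):
                groups[name] = list(attrs.get(member_attr, []))
    return groups


if __name__ == "__main__":
    base = "ou=groups,dc=example,dc=com"
    for scope in ("base", "one", "subtree"):
        print(scope, sorted(lookup_groups(base, "(objectClass=groupOfNames)", scope)))
```

A Member attribute that does not match the group schema (for example `uniqueMember` against `groupOfNames` entries) still returns the group names, but with empty member lists.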

Related topics

Creating an LDAP managed account

Configuring LDAP authentication for the Analyzer and Collector

Adding a role mapping rule

 
