Creating an LDAP-managed account
To authenticate access on the Real User Analyzer through an LDAP server, you must map groups on your LDAP server to specific roles. This topic provides the following procedures that you can use to provide access to the Real User Analyzer.
Before you begin
You must have enabled the LDAP service on the Real User Analyzer, as described in selecting an account-management model.
To add a hybrid LDAP account on the Analyzer
This procedure adds an Operator account that is authenticated by LDAP, but you assign the individual user role as you add accounts. You can use this procedure if you selected to use LDAP authentication and Local authorization.
- In a Real User Analyzer, point to Administration > General Settings > Accounts & LDAP Management, and then select Accounts.
- On the Action menu, click Add an Account.
- In the User Name box, enter the name for the account, for example, MyOperator.
- In the Authentication list, select LDAP.
- In the Role list, select Operator.
- Click Save.
To overrride LDAP mapping for a single user on the Analyzer
In the LDAP database, suppose that the user name is listed as MyUser and is a member of a group called Admins. This LDAP group is mapped to the Administrator role on this BMC Real End User Experience Monitoring device. This procedure gives access to the user as an Observer (so you must override the mapped role).
- In a Real User Analyzer component, point to Administration > General Settings > Accounts & LDAP Management, select LDAP Settings, and select the Accounts view.
- On the Action menu, click Add an account.
- In the User Name box, type MyObserver.
- Select the Authentication type LDAP.
- Select Override role mapping and then select Observer.
- Click Save.
To set the "catch-all" role-mapping
This procedure sets a default level of access to your BMC Real End User Experience Monitoring system for LDAP groups that do not have a specific role-mapping rule.
- In a Real User Analyzer component, point to Administration > General Settings, click Accounts & LDAP management, and select the Role mapping view.
- On the Action menu, click Add/Edit.
- In the All others row, select a catch-all role for LDAP groups that are not specifically identified with a role, or select No access.
- Click Save.
Related topics
Configuring-LDAP-authentication-for-the-Console
Configuring-LDAP-authentication-for-the-Analyzer-and-Collector
Configuring LDAP group lookup (for the Analyzer)