Creating an LDAP-managed account

To authenticate through an LDAP server, you must map groups on your Lightweight Directory Access Protocol (LDAP) server to specific

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

roles.

Note

For remotely authenticated accounts to work, you must enable the LDAP service.

To add a hybrid LDAP account (LDAP authentication only)

This procedure adds an Operator account that is authenticated remotely via LDAP.

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  1. In a

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to Administration > General Settings, and then click Accounts & LDAP management.
  2. Select the Accounts view.
  3. On the Action menu, click Add an account.
  4. In the User Name box, enter the name for the account — for example, MyOperator.
  5. In the Authentication list, select LDAP.
  6. In the Role list, select Operator.
  7. Click Save.

To add a full LDAP account (LDAP authentication and authorization)

In the LDAP database, suppose that the user name is listed as MyUser and is a member of a group called Admins. This LDAP group is mapped to the Administrator role on this

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

device. This procedure gives access to the user as an Observer (so you must override the mapped role).

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  1. In a

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to Administration > General Settings, click Accounts & LDAP management, and switch to the Accounts view.
  2. On the Action menu, click Add an account.
  3. In the Username text box, type MyObserver.
  4. Select the Authentication type LDAP.
  5. Select Override role mapping and then select Observer.
  6. Click Save.

Note

If an account is deleted while its user is logged on, the session terminates after the user's next action.

To set the "catch-all" role-mapping

This procedure sets a default level of access to your BMC Real End User Experience Monitoring system for LDAP groups that do not have a specific role-mapping rule.

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  1. In a

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to Administration > General Settings, click Accounts & LDAP management, and switch to the Role mapping view.
  2. On the Action menu, click Add/Edit.
  3. In the All others row, select a catch-all role for LDAP groups that are not specifically identified with a BMC Real End User Experience Monitoring role, or select No access.
  4. Click Save.

Related topics

Creating-a-local-account
Configuring-authentication-through-LDAP
Configuring-authorization-through-LDAP

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*