Implementing the LDAP_LDAP model
Before implementing any model that includes LDAP, you must set up secure LDAP. To apply the LDAP_LDAP model, do the following:
- Create a user to add to the Product Administrators list. For instance, if changing from ADMIN_ADMIN to LDAP_LDAP, select a username that exists in LDAP, create a user with that username, and add the user to the Product Administrators list. After the security model is changed to LDAP_LDAP, that user can log in and administer the product.
- Add the new user to the Product Administrators list:
  - Select Product Administrators from the Navigation Panel.
  - View the Administrators List.
  - Select the Add icon and select the new user from the dialog.
  - Save the Product Administrators list.
  - Confirm the action by selecting the Product Administrators object from the Navigation Panel once more and verifying that the new user appears in the table.
- Select the Security option (object) from the Navigation Panel. The Security Model view fills the workspace.
- Select LDAP_LDAP from the Security Model pulldown. The LDAP_LDAP properties are displayed.
- Complete the field entries by referring to the LDAP Field Descriptions below.
- Double-check your entries against those supplied.
- Shut down your MVMA service.
- Before restarting the MVMA service, act on the following, depending on your configuration:
  - For installations that connect to a secure LDAP port (ldaps://hostname:636), you must import the LDAP server's root certificate into the MVMA truststore.
  - For Active Directory, the root certificate is found on the root drive of the domain controller (where AD runs) with the name [dns name of ca]_[name of cert].crt.
  - Import the certificate into the MVMA service's truststore with the following command:

    ```shell
    keytool -import -alias <alias_name> -file <path_to_server_cert> -keystore <bmm-admin_install_path>/security/truststore.jks
    ```

    For example:

    ```shell
    keytool -import -alias bmmadmin_ldap -file /tmp/ldap_server.crt -keystore /opt/BMC/bmm-admin/security/truststore.jks
    ```

  - You are asked to provide the keystore password. The default is 'bmcsoftware'.
- Restart your MVMA server. When the server is ready, log in using the credentials of the user you added to the Product Administrators list. The password entered must be the password that LDAP/Active Directory has recorded for your username.
LDAP Field Descriptions
The following definitions are the specific and appropriate entries for the LDAP Security Model properties that you enter when changing a Security Model. Machine names in the following sections (such as ixxx-ABC30L1) are placeholders for your actual server/system names; enter the specific string for your real-world machine names in each instance.
Property | Description | AD Example
---|---|---
LDAP Server URL | The URL used by MVMA to make the connection to the LDAP server. | `ldaps://server5c4.happyvalleyoftware.com:636`
LDAP Manager Dn | The DN of a user that can read entries in the LDAP directory. | `CN=Administrator,CN=Users,DC=ixxx-ABC30L1,DC=com`
LDAP Manager Password | The password for the LDAP manager user DN. | `secret`
LDAP User Search Base | The base DN from which searches for user information occur. | `CN=Users,DC=ixxx-ABC30L1,DC=com`
LDAP User Search Filter | The search filter used to identify users. | `(&(objectClass=user)(sAMAccountName={0}))`
LDAP Users Search Filter | The search filter used to find users within the directory. | `(&(objectClass=user)(sAMAccountName={0}))`
LDAP Username Attribute | Used by MVMA to identify the text to use as the username. | `sAMAccountName`
LDAP Group Search Base | The base DN used to search for groups. Groups should be somewhere in the subtree rooted at this DN. | `CN=Users,DC=ixxx-ABC30L1,DC=com`
LDAP Group Search Filter | The search filter expression used to find groups by name. | `(&(objectClass=group)(cn={0}))`
LDAP Group Member Search Filter | The search filter expression used to determine the members of groups. | `(&(objectClass=group)(member={0}))`
LDAP Groups Search Filter | The search filter expression that returns group names. Used by MVMA to find groups to which to assign permissions. | `(&(objectClass=group)(cn={0}))`
LDAP Group Name Attribute | The attribute that represents the name of a group in LDAP/AD. | `cn`
LDAP Group Member Attribute | The attribute that represents a member of a group within LDAP/AD. | `member`
LDAP Max Nested Group Recursion Level | Used by MVMA to limit the amount of recursion used to find nested groups. | `3`
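The filter properties above all carry a `{0}` placeholder, and the recursion-level property bounds how far group-of-group membership is followed. The following Python example is added here to show both mechanisms at work; it is not BMC/MVMA code. The directory entries are constructed sample data, the `search` function is a deliberately minimal stand-in for a real LDAP server that understands only the `(&(attr=value)...)` shape used by the AD examples, and the "level 0 = direct membership" reading of the recursion level is an assumption, since the page does not define the counting. The point it demonstrates is that the value placed into `{0}` must be escaped per RFC 4515 before substitution: an unescaped `*` turns the user lookup into a wildcard match, while the escaped form `\2a` matches only a literal asterisk.

```python
"""Added example (not BMC/MVMA code): {0} substitution with RFC 4515 escaping,
and a nested-group walk bounded by a Max Nested Group Recursion Level.
DIRECTORY is constructed sample data; search() is a toy evaluator, not LDAP."""
import re

# RFC 4515 section 3: these characters must be hex-escaped inside a filter value.
_SPECIAL = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value so it can only ever be data in a filter."""
    return ''.join(_SPECIAL.get(ch, ch) for ch in value)

def render_filter(template: str, value: str) -> str:
    """Fill the {0} placeholder the safe way (value escaped first)."""
    return template.replace('{0}', escape_filter_value(value))

def render_filter_unsafe(template: str, value: str) -> str:
    """Fill {0} without escaping; kept only to contrast with render_filter."""
    return template.replace('{0}', value)

_EQ = re.compile(r'\(([A-Za-z][\w-]*)=([^()]*)\)')

def _unescape(v: str) -> str:
    """Turn \\xx hex escapes back into the literal characters they stand for."""
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), v)

def search(directory: dict, base_dn: str, filter_str: str) -> list:
    """Return DNs under base_dn that satisfy every (attr=value) clause.
    A bare '*' is a presence match, as on a real server; '\\2a' is a literal '*'."""
    clauses = [(a.lower(), v) for a, v in _EQ.findall(filter_str)]
    hits = []
    for dn, attrs in directory.items():
        if not dn.lower().endswith(base_dn.lower()):
            continue
        lowered = {k.lower(): [x.lower() for x in vals] for k, vals in attrs.items()}
        ok = True
        for attr, raw in clauses:
            ok = attr in lowered if raw == '*' else _unescape(raw).lower() in lowered.get(attr, [])
            if not ok:
                break
        if ok:
            hits.append(dn)
    return hits

def resolve_groups(directory, group_base, member_filter, member_dn, max_level):
    """Groups containing member_dn, following nesting up to max_level levels.
    Assumed semantics: level 0 is direct membership; each further level follows
    one group-of-group step. Returns {group_dn: level}."""
    found = {}
    frontier, level = [member_dn], 0
    while frontier and level <= max_level:
        nxt = []
        for dn in frontier:
            for gdn in search(directory, group_base, render_filter(member_filter, dn)):
                if gdn not in found:
                    found[gdn] = level
                    nxt.append(gdn)
        frontier, level = nxt, level + 1
    return found

# Constructed sample directory: two users and a four-deep chain of nested groups.
BASE = 'CN=Users,DC=example,DC=com'
ALICE = 'CN=alice,' + BASE
DIRECTORY = {
    ALICE: {'objectClass': ['user'], 'sAMAccountName': ['alice']},
    'CN=bob,' + BASE: {'objectClass': ['user'], 'sAMAccountName': ['bob']},
    'CN=Dev,' + BASE: {'objectClass': ['group'], 'cn': ['Dev'], 'member': [ALICE]},
    'CN=Engineering,' + BASE: {'objectClass': ['group'], 'cn': ['Engineering'], 'member': ['CN=Dev,' + BASE]},
    'CN=Staff,' + BASE: {'objectClass': ['group'], 'cn': ['Staff'], 'member': ['CN=Engineering,' + BASE]},
    'CN=Everyone,' + BASE: {'objectClass': ['group'], 'cn': ['Everyone'], 'member': ['CN=Staff,' + BASE]},
}
USER_FILTER = '(&(objectClass=user)(sAMAccountName={0}))'          # LDAP User Search Filter
GROUP_MEMBER_FILTER = '(&(objectClass=group)(member={0}))'         # LDAP Group Member Search Filter

if __name__ == '__main__':
    print('escaped  :', search(DIRECTORY, BASE, render_filter(USER_FILTER, '*')))
    print('unescaped:', search(DIRECTORY, BASE, render_filter_unsafe(USER_FILTER, '*')))
    for level in (0, 1, 3):
        print('level', level, '->', resolve_groups(DIRECTORY, BASE, GROUP_MEMBER_FILTER, ALICE, level))
```

With the recursion level set to 3, as in the AD example, alice resolves to all four groups (Dev at level 0 through Everyone at level 3); with the level set to 1 the walk stops after Engineering, which is the behaviour to keep in mind if a user is missing permissions that are granted only to a distant parent group.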