Creating LDAP group mapping


In BMC Release Process Management 4.8, you can map LDAP groups to the groups in BMC Release Process Management. The advantage of LDAP group mapping is that, after the first login, LDAP users are automatically added to the mapped groups, and the corresponding group roles and permissions are assigned to them. Therefore, you do not have to add users to groups manually, although this option remains available. If there is no LDAP mapping set up, a user is automatically assigned to the default group after the first login.

LDAP mapping is updated at each login. However, manual group assignments have higher priority than LDAP mapping. If you assign a user to a group manually, the assignment is not cleared. Consider the following:

Example
  1. Ldapgroup1 is mapped to group1 that has role1.
  2. User1 from ldapgroup1 logs in.
  3. User1 is automatically added to group1 and inherits role1.
  4. User1 is manually added to group2 that has role2.
  5. User1 is manually removed from group1.
  6. User1 logs off.
  7. User1 logs in and is assigned to both group1 and group2 and inherits role1 and role2.

Note

 If a group is made inactive, a user is automatically removed from the group at login.
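
The login behaviour described above, modelled as an added example (not BMC code). The class, its method names and the `default` group name are hypothetical, and the model assumes that membership is recomputed from the user's current LDAP groups at every login.

```python
# Model of the documented behaviour, not BMC code. All names are hypothetical.
from dataclasses import dataclass, field

DEFAULT_GROUP = "default"  # assumed name of the product's default group


@dataclass
class GroupModel:
    mapping: dict                                   # LDAP group -> set of RPM groups
    inactive: set = field(default_factory=set)      # groups made inactive
    manual: dict = field(default_factory=dict)      # user -> groups assigned by hand
    effective: dict = field(default_factory=dict)   # user -> current membership

    def mapped(self, ldap_groups):
        """Groups a user receives through LDAP mapping alone."""
        out = set()
        for name in ldap_groups:
            out |= self.mapping.get(name, set())
        return out

    def login(self, user, ldap_groups):
        """Recompute membership at login: mapping plus manual assignments."""
        groups = self.mapped(ldap_groups) | self.manual.get(user, set())
        if not self.mapping:                 # no LDAP mapping set up at all
            groups.add(DEFAULT_GROUP)
        groups -= self.inactive              # inactive groups are dropped at login
        self.effective[user] = groups
        return set(groups)

    def manual_add(self, user, group):
        self.manual.setdefault(user, set()).add(group)
        self.effective.setdefault(user, set()).add(group)

    def manual_remove(self, user, group):
        self.manual.get(user, set()).discard(group)
        self.effective.get(user, set()).discard(group)

    def restored_at_next_login(self, user, ldap_groups):
        """Groups the user lacks now but regains at login (removal did not stick)."""
        future = (self.mapped(ldap_groups) | self.manual.get(user, set())) - self.inactive
        return future - self.effective.get(user, set())


def page_example():
    """Steps 1-7 of the example above, using the names from the page."""
    m = GroupModel(mapping={"ldapgroup1": {"group1"}})
    m.login("User1", ["ldapgroup1"])                          # steps 2-3
    m.manual_add("User1", "group2")                           # step 4
    m.manual_remove("User1", "group1")                        # step 5
    pending = m.restored_at_next_login("User1", ["ldapgroup1"])
    return pending, m.login("User1", ["ldapgroup1"])          # step 7
```

`restored_at_next_login` can serve as an access-review check: any group it returns is one where a manual removal alone is reversed at the next login, as step 7 shows.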

To create LDAP group mapping:

  1. Make sure LDAP authentication is enabled.
  2. Navigate to System > Groups.
  3. Do one of the following:
    1. To map an LDAP group to an existing group, from the Actions column, click Edit.
    2. To map an LDAP group to a new group, create a group.
  4. In Search base:   
    • If the field is empty, enter the path to the LDAP group base.

      Example: OU=SomeOrganizationUnit11, OU=SomeOrganizationUnit1, DC=example, DC=com.

      Note

      The Search base field is automatically populated with the value specified for LDAP Group Search Base when enabling LDAP authentication.

    • If the field is already populated, go to the next step.
  5. In Search name, enter the name of the group, and then click Add.

    Example: CN=GroupCommonName111.  

    The group appears in the LDAP Groups list.  Repeat this step for all LDAP groups that you want to map.

    Note

     If you receive a system message that there are no matches, consider the following possible causes:

    • The specified group does not exist.
    • The LDAP server is down.
    • The wrong mapping format is used in the Search base/Search name boxes.
    • The group is already mapped.
  6. To remove a group from the LDAP Groups list, select the group, and then click Remove.  
  7. Save your changes.
