This documentation supports the 23.3 version of BMC Helix ITSM. To view an earlier version, select the version from the Product version menu.

Integrating BMC Helix ITSM with LDAP for broadcasting


You can integrate BMC Helix ITSM with LDAP so that you can distribute broadcasts to your LDAP distribution groups.

This topic describes the basics of how to update the broadcasts.properties file to integrate with LDAP. To complete this process, you should already understand your LDAP schema so that you can make the necessary associations and set fields properly.

Properties in broadcasts.properties file

The following table lists the properties that you can set in the broadcasts.properties file:

Property

Description

broadcast.ttl.default=

Determines the default time for a broadcast to live. The value you provide is normalized to seconds.

If broadcast.ttl.default= is not provided, the default value is 24 hours (or 86,400,000 milliseconds).

Example: broadcast.ttl.default=86400000

broadcast.ttl.minimum=

Determines the minimum time for a broadcast to live. The value you provide is normalized to seconds. 

If broadcast.ttl.minimum= is not provided, the default value is five minutes (or 300,000 milliseconds).

Example: broadcast.ttl.minimum=300000

broadcast.ttl.maximum=

Determines the maximum time for a broadcast to live. The value you provide is normalized to seconds.

If broadcast.ttl.maximum= is not provided, the default value is 365 days (or 31,536,000,000 milliseconds).

Example: broadcast.ttl.maximum=31536000000

broadcast.avail.ldap=

Determines whether LDAP distribution groups are available for broadcasts.

If broadcast.avail.ldap= is set to true, a call to the appropriate REST API instructs the Digital Workplace Admin console to include LDAP distribution groups for the User Groups option in the Send Broadcasts window. (See the Working with broadcasts topic.)

If broadcast.avail.ldap= is not provided, the default value is false. If the value is false or if you do not supply a broadcasts.properties file, the User Groups option does not allow you to select user groups.

ldap.url=

The LDAP or LDAPS URL.

This URL must be in the following form: ldap://host:port or ldaps://host:port.

The default ports for LDAP and LDAPS are 389 and 686, respectively.

ldap.auth.type=

The LDAP authentication type. The available schemes are as follows:

  • none
  • simple (requires credentials)

Example: ldap.auth.type=simple

ldap.auth.user=

The full distinguished name of the principal LDAP user.

Example: ldap.auth.user=CN\=<Your Username Here>,OU\=Domain Users,OU\=Security,DC\=adprod,DC\=bmc,DC\=com

ldap.auth.pswd=

The authentication password, in plain text.

When the Smart IT server starts and loads the file, the plain text password is replaced by an encrypted password. Until the server has started, the file holds the password in readable form.

ldap.querytime.maximum=
ldap.querysize.maximum=

Timeouts and size limitations are for each partial query that makes up each functional call; they do not represent the operation as a whole.

The maximum time is in milliseconds. The default value is 300,000 (or 5 minutes). The maximum size is counted in returned records. The default is 1,000.

The LDAP server has preset limits configured, which you cannot usually override.

Examples:
ldap.time.maximum=300000
ldap.size.maximum=10000

ldap.group.base=

The distinguished name (DN) search base for groups. 

Example: ldap.group.base=DC\=orgName,DC\=companyName,DC\=com

ldap.group.filter=

The filter for querying groups. The process inserts a conditional search string into this filter; include %s at the point at which the conditional search is inserted.

Example:
ldap.group.filter=(&(objectclass\=group)(%s))

ldap.subgroup.filter=

The filter for querying subgroups contained within other groups by name using a search string. Include %s at the point at which the search string is substituted.

Example: ldap.subgroup.filter=(&(objectclass\=group)(memberOf\=%s))

ldap.group.attr.id=
ldap.group.attr.dn=
ldap.group.attr.name=

Specifies group attributes to retrieve for the common name (cn), distinguished name (dn), and displayable name (name).

Example:
ldap.group.attr.id=cn
ldap.group.attr.dn=distinguishedName
ldap.group.attr.name=name

ldap.user.base=

The DN search base for users.

Example: ldap.user.base=DC\=orgName,DC\=companyName,DC\=com

ldap.user.filter=

The filter for querying users by the groups to which they belong, by using the distinguished name of the group in question. Include %s at the point at which the search string is substituted.

Example: ldap.user.filter=(&(objectClass\=user)(memberOf\=%s))

ldap.user.attr.id=
ldap.user.attr.dn=
ldap.user.attr.name=
ldap.user.attr.email=

User attributes to retrieve for the common name (cn), distinguished name (dn), displayable name (name), and email address (email).

Example:
ldap.user.attr.id=cn
ldap.user.attr.dn=distinguishedName
ldap.user.attr.name=displayName
ldap.user.attr.email=mail


To integrate BMC Helix ITSM with LDAP to send broadcasts to user groups

  1. Open the broadcasts.properties file, located in the TomcatInstallFolder/external-conf folder.
  2. Edit the LDAP properties described in the preceding table.
  3. Save the broadcasts.properties file.

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*
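
A check you can run on the edited broadcasts.properties file, given here as an added example that is not BMC code: it parses the \=-escaped values shown in the table and flags a simple bind configured over ldap:// (the ldap.auth.pswd value would cross the network without TLS) and filters that lack %s or have unbalanced parentheses. The sample content, host name, DNs and password are constructed placeholders, and parse_properties and lint are hypothetical helper names.

```python
import re

# Constructed sample: host, DNs and password are placeholders, not product values.
SAMPLE = r"""
ldap.url=ldap://ldap.example.com:389
ldap.auth.type=simple
ldap.auth.user=CN\=svc-broadcast,OU\=Service,DC\=example,DC\=com
ldap.auth.pswd=changeme
ldap.group.filter=(&(objectclass\=group)(%s))
ldap.subgroup.filter=(&(objectclass\=group)(memberOf\=%s)
ldap.user.filter=(&(objectClass\=user)(memberOf\=*))
"""

FILTER_KEYS = ("ldap.group.filter", "ldap.subgroup.filter", "ldap.user.filter")

def parse_properties(text):
    """Split each line on its first unescaped '=' and undo backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties-file comment
        parts = re.split(r"(?<!\\)=", line, maxsplit=1)
        if len(parts) == 2:
            key, value = (re.sub(r"\\(.)", r"\1", p.strip()) for p in parts)
            props[key] = value
    return props

def lint(props):
    """Return (property, problem) pairs for settings that weaken or break the integration."""
    findings = []
    if (props.get("ldap.auth.type") == "simple"
            and not props.get("ldap.url", "").lower().startswith("ldaps://")):
        findings.append(("ldap.url", "simple bind over ldap:// sends the password without TLS"))
    for key in FILTER_KEYS:
        value = props.get(key)
        if value is None:
            continue  # property not set; nothing to check
        if "%s" not in value:
            findings.append((key, "missing %s placeholder"))
        if value.count("(") != value.count(")"):
            findings.append((key, "unbalanced parentheses"))
    return findings

if __name__ == "__main__":
    for key, problem in lint(parse_properties(SAMPLE)):
        print(f"{key}: {problem}")
```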