Default language.

Configuring AREA LDAP group search


In releases previous to BMC Remedy AR System 7.0, external authentication required that every LDAP group to which a user belonged have a matching AR System group. If a user belonged to an LDAP group without a matching AR System group, external authentication failed. Hence, administrators had to create an AR System group for each LDAP group, and BMC Remedy AR System searched for groups at only one level in the defined base group. Now, you can map LDAP groups to AR System groups and ignore excess LDAP groups.

Best practice
We recommend that you use the Remedy Management Console to configure AREA LDAP group search. For more information, see Setting global and local level configurations using Remedy Management Console.

 Mapping LDAP groups to AR System groups

This section explains how to map LDAP groups to AR System groups.

Note

For maximum benefit, map LDAP groups to AR System groups and ignore excess LDAP groups.

To map LDAP groups to BMC Remedy AR System groups

This form shows the local level value of the configuration. If a local value does not exist, the form displays the global level configuration. If you modify the value on this form, the local level configuration value is modified.

For example, if a configuration shows global level value and you modify the value by using this form, the local level value gets created for the configuration.

  1. Open the AR System Administration: Server Information form, and click the EA tab.
  2. Click in the Group Mapping table to add a row, and enter the names of the LDAP and BMC Remedy AR System groups to map. Enter only one group name in each column.

    Note

    You can map many LDAP groups to a single AR System group. If you map a single LDAP group to many AR System groups, BMC Remedy AR System uses only the first mapping.

    LDAP Group Mapping table on EA tab
    (Click the image to expand it.)
    EA_tab.png

  3. Click Apply and OK.

 Ignoring excess LDAP groups

Formerly, a user was authenticated only when each LDAP group to which the user belonged matched an AR System group. Now, you can configure BMC Remedy AR System to authenticate a user when any single LDAP group to which the user belongs matches an AR System group. You do this by specifying that BMC Remedy AR System ignore excess LDAP groups.

Note

For maximum benefit, ignore excess LDAP groups and map LDAP groups to AR System groups.

To ignore excess groups

  1. Open the AR System Administration: Server Information form, and click the EA tab.
  2. In the Group Mapping box, select the Ignore Excess Groups check box.
  3. Click Apply and OK.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*