If you use Active Directory as your user store, you can specify the user and group data that is captured in the report snapshot.
You can use LDAP queries in the snapshot parameter XML file that filter the Active Directory data by user and by group. However, you cannot use LDAP queries that filter the Active Directory data by role membership. You can use LDAP queries only in the <!--PUPM COLLECTORS--> section of the snapshot parameter XML file
The following process describes how the LDAP queries in the snapshot parameter XML file limit the Active Directory data that CA ControlMinder Enterprise Management collects. This information helps you write the correct LDAP query to limit the report snapshot.
When CA ControlMinder Enterprise Management captures an Active Directory report snapshot, it does the following:
<export object="com.ca.ppm.export.ADUsersCollector">
If the element does not contain an LDAP query, CA ControlMinder Enterprise Management includes data for all Active Directory users in the snapshot.
<export object="com.ca.ppm.export.ADGroupsCollector">
If the element does not contain an LDAP query, CA ControlMinder Enterprise Management includes data for all Active Directory groups in the snapshot.
Note: CA ControlMinder Enterprise Management does not collect data for any user that is not returned by the query in Step 1. If a user is a member of a group that is returned by the query in Step 2, but the user is not returned by the query in Step 1, CA ControlMinder Enterprise Management does not include any data for the user in the Active Directory snapshot.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|