

Auto Enrollment LDAP Users
LDAP authentication lets you add users to a particular role automatically. Auto Enrollment is similar to standard LDAP authentication because it also requires an association between a directory object and a particular role.
A role that uses LDAP authentication can allow or not allow auto-enrollment:
Note: You must set up auto-enrollment in the edit role panel.
Auto Enrollment Considerations
- We suggest that you only attempt to auto-enroll a single user into a single role.
- Users can only be auto-enrolled into a single role, unless the user uses a separate password for each role, and each role has a separate Directory set up.
- If the user is a member of an LDAP-authenticated role, do not use automatic enrollment to enroll them into another role.
- It is an administration error to have a user in more than one role authenticated by different LDAP setups which share credentials.
  Your user can only log in as Role A or Role B, and you cannot determine ahead of time which role CA OM Web Viewer logs them into.
- Normally, CA OM Web Viewer performs the following steps:
- If you check mainframe security before LDAP security, some of your users might not be automatically enrolled. (See Preferred Security System Order).
  The following situations might occur if the LDAP and mainframe credentials of a user match and you check mainframe security before LDAP security.
  - Your user might be auto-enrolled into the Default User Role with the mainframe credentials if the mainframe credentials are the same as the LDAP credentials.
  - Additionally, the user might be logged into a different role that uses mainframe credentials for authentication.
Copyright © 2014 CA Technologies.
All rights reserved.
 