

Retrieve and Authenticate Users of an LDAP Group

By default, the CA Workload Automation DE server does not retrieve and authenticate users of an LDAP group. To retrieve and authenticate users of an LDAP group, configure the CA Workload Automation DE server.

Important! To use this feature, update your CA Workload Automation DE server with the patch RO67825 or higher.

Follow these steps:

  1. Open the following file in a text editor:
    install_dir

    Specifies the server installation directory.

  2. Set the following parameter:
    ldap.pullUsersFromSubdirectories=true
    

    Note: If the parameter is set to false, users from subdirectories of the configured LDAP directory are not retrieved.

  3. (Optional) Set the following parameter:
    ldap.propertyNameForLogin=property_name
    
    property_name

    Specifies the LDAP user property that contains the username.

    Default: cn (MS Active Directory and Novell eDirectory); uid (Sun One Directory Server)

    Example: sAMAccountName

  4. Add the following filter parameters:
    LDAP_GETUSERS_FILTER=(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=LDAP_group))
    
    LDAP_USERLOGIN_FILTER=(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=LDAP_group))(__ldapLoginNameProp__=__user__))
    
    memberOf=LDAP_group

    Specifies the path (distinguished name) of the LDAP group from which users are retrieved and authenticated.

    Example: CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com

    Note: To retrieve and authenticate users of an LDAP group, the LDAP user that is specified in the LDAP configuration must have access to the memberOf property on the LDAP server. You can specify multiple LDAP groups using multiple memberOf properties. You can further filter the users that are retrieved and authenticated from the LDAP group using criteria based on the cn value.

    __ldapLoginNameProp__=__user__

    Specifies the login name of an LDAP user that is configured in the LDAP server.

    Note: Do not modify the __ldapLoginNameProp__ property. When a user tries to log in, the CA Workload Automation DE server substitutes __user__ with the login name of the user during authentication.

  5. Save and close the file.
  6. Restart the server.

    CA Workload Automation DE retrieves and authenticates users of the specified LDAP group.

Example: Retrieve and Authenticate Users of an LDAP Group

The following example retrieves and authenticates users of the LDAP group ‘CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com’ in MS Active Directory:

LDAP_GETUSERS_FILTER=(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com))
LDAP_USERLOGIN_FILTER=(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com))(__ldapLoginNameProp__=__user__))

Example: Retrieve and Authenticate Users of Multiple LDAP Groups

The following example retrieves and authenticates users of two LDAP groups in MS Active Directory:

Example: Retrieve and Authenticate Users Whose cn Value Starts with p

The following example retrieves and authenticates users whose cn value starts with p from the LDAP group ‘CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com’ in MS Active Directory:

LDAP_GETUSERS_FILTER=(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com))(cn=p*))
LDAP_USERLOGIN_FILTER=(&(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com))(cn=p*))(__ldapLoginNameProp__=__user__))
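The filter shapes from step 4 and the examples above, composed by an added Python example that is not CA Workload Automation DE code: it builds the single-group, multiple-group (OR'ed memberOf) and cn-restricted variants, and models the login-time substitution of __user__. The RFC 4515 escaping of the substituted login name is this example's own assumption; the page does not describe how the server performs that substitution.

```python
# Added example, not CA Workload Automation DE code: composes the
# LDAP_GETUSERS_FILTER / LDAP_USERLOGIN_FILTER strings in the shape this
# page documents (one group, several groups via OR'ed memberOf, an extra
# cn criterion) and checks that a login name substituted for __user__
# cannot change the filter's structure. RFC 4515 escaping is this
# example's own assumption; the page does not say how the server substitutes.
PERSON_CLASSES = ("(|(|(|(objectClass=person)(objectClass=organizationalPerson))"
                  "(objectClass=inetOrgPerson))(objectClass=user))")
LOGIN_PROP = "__ldapLoginNameProp__"   # left as-is; the server fills it in


def escape_filter_value(value: str) -> str:
    """Escape characters that have filter meaning (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def group_clause(groups) -> str:
    """One (memberOf=...) assertion, or an OR of several for multiple groups."""
    parts = ["(memberOf=%s)" % escape_filter_value(g) for g in groups]
    return parts[0] if len(parts) == 1 else "(|%s)" % "".join(parts)


def getusers_filter(groups, extra: str = "") -> str:
    """LDAP_GETUSERS_FILTER; `extra` is an optional assertion such as (cn=p*)."""
    f = "(&%s%s)" % (PERSON_CLASSES, group_clause(groups))
    return "(&%s%s)" % (f, extra) if extra else f


def userlogin_filter(groups, extra: str = "") -> str:
    """LDAP_USERLOGIN_FILTER: the GETUSERS filter AND'ed with the login assertion."""
    return "(&%s(%s=__user__))" % (getusers_filter(groups, extra), LOGIN_PROP)


def substitute_user(login_filter: str, username: str) -> str:
    """Model of the login-time step: __user__ is replaced by the escaped login name."""
    return login_filter.replace("__user__", escape_filter_value(username))


def balanced(filter_str: str) -> bool:
    """True when every '(' is closed; a cheap sanity check before saving the file."""
    depth = 0
    for c in filter_str:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    grp = "CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com"
    print("LDAP_GETUSERS_FILTER=" + getusers_filter([grp], "(cn=p*)"))
    print("LDAP_USERLOGIN_FILTER=" + userlogin_filter([grp], "(cn=p*)"))
```

Run it to regenerate the two lines of the cn-restricted example above; pass several group DNs to get the multiple-group variant.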