DevTest Using Resource Groups with LDAP/LDAPs
Article ID: 103175
Updated On:
Products
CA Application Test
Service Virtualization
CA Continuous Application Insight (PathFinder)
CA Service Virtualization (DevTest / LISA / VSE / Application Test)
Issue/Introduction
You should only create Resource Groups for those users that need the limited access.
This example of for use of Resource Groups with 3 VSEs with the role of SV Power.
This example of for use of Resource Groups with 3 VSEs with the role of SV Power.
Environment
Release:
Component: ITKOTF
Component: ITKOTF
Resolution
Create 3 new roles, make a copy of SV Power:
SV Power1
SV Power2
SV Power3
The Users that need access to only VSE1, give them only SV Power1 role.
The Users that need access to only VSE2, give them only SV Power2 role.
The Users that need access to only VSE3, give them only SV Power3 role.
Create 3 Resource Groups:
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.
Assign SV Power1 role to Resource Group VSE1.
Assign SV Power2 role to Resource Group VSE2.
Assign SV Power3 role to Resource Group VSE3.
In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory and make sure they are removed from the GroupDN that has access to all VSEs.
Add the new roles to the ldap-mappings.xml file.
Example, the new roles are added at the end:
<mapping role="Super User">
<groupDN>cn=superadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="DevTest Administrator">
<groupDN>cn=devadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Administrator">
<groupDN>cn=testadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="System Administration">
<groupDN>cn=sysadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="PF Power">
<groupDN>cn=pfadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power">
<groupDN>cn=svadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Power">
<groupDN>cn=tpadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Runtime">
<groupDN>cn=rtadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Runner">
<groupDN>cn=tradmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Observer">
<groupDN>cn=toadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Load Tester">
<groupDN>cn=ltadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="User">
<groupDN>cn=users,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Guest">
<groupDN>cn=guests,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power1">
<groupDN>cn=sv1admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power2">
<groupDN>cn=sv2admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power3">
<groupDN>cn=sv3admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.
SV Power1
SV Power2
SV Power3
The Users that need access to only VSE1, give them only SV Power1 role.
The Users that need access to only VSE2, give them only SV Power2 role.
The Users that need access to only VSE3, give them only SV Power3 role.
Create 3 Resource Groups:
One that contains just VSE1
One that contains just VSE2
One that contains just VSE3.
Assign SV Power1 role to Resource Group VSE1.
Assign SV Power2 role to Resource Group VSE2.
Assign SV Power3 role to Resource Group VSE3.
In order to have certain users assigned to particular VSEs, you will need to request the 3 additional groupDNs created in your Active Directory and make sure they are removed from the GroupDN that has access to all VSEs.
Add the new roles to the ldap-mappings.xml file.
Example, the new roles are added at the end:
<mapping role="Super User">
<groupDN>cn=superadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="DevTest Administrator">
<groupDN>cn=devadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Administrator">
<groupDN>cn=testadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="System Administration">
<groupDN>cn=sysadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="PF Power">
<groupDN>cn=pfadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power">
<groupDN>cn=svadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Power">
<groupDN>cn=tpadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Runtime">
<groupDN>cn=rtadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Runner">
<groupDN>cn=tradmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Test Observer">
<groupDN>cn=toadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Load Tester">
<groupDN>cn=ltadmins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="User">
<groupDN>cn=users,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="Guest">
<groupDN>cn=guests,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power1">
<groupDN>cn=sv1admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power2">
<groupDN>cn=sv2admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
<mapping role="SV Power3">
<groupDN>cn=sv3admins,ou=groups,dc=example,dc=com</groupDN>
</mapping>
Users can then log in to the Portal or Workstation and have access to only the resources they need to have access to.
Feedback
Powered by
