Lets assume in an environment there are multiple LDAP Groups created - for example: NetworkAdmin, SysAdmins and OperatorAdmin.
And those groups have different roles:
NetworkAdmin = admin
SysAdmins = engineer
OperatorAdmin = operator
If a user is member of two of these groups, e.g. NetworkAdmin and SysAdmins, what role will it get - admin or engineer?
Will the search get the profile on the first group found in the LDAP Group configuration, and if found there, stop searching for other groups?
For example, if LDAP configuration have the following parameters set for option "10. Group" when running the './SsoConfig' command:
....
<LDAPGroups>
<Group searchTag="memberOf" searchString=" CN=NetworkAdmin,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd="" userClone="nadmin"/>
<Group searchTag="memberOf" searchString=" CN=SysAdmins,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd="" userClone="sysadmin"/>
</LDAPGroups>
....
and a user is member of both 'NetworkAdmin' and 'SysAdmins' groups, when this user logs in to CA Performance Center, from which of these groups will it get its profile?
Note: When using this procedure option "9 in the SooConfig "Account User Default Clone:" must be blank.
Example:
9. Account User Default Clone:
More details on LDAP configuration are available in the CA Performance Management documentation: