
Configuring LDAP for DevTest IAM (VS Catalog) and Defining a Default Role for Users


Article ID: 106221


Updated On:


CA Application Test, CA Continuous Application Insight (PathFinder)


Identity and Access Manager is the component that provides user authentication for Virtual Service Catalog. Use Identity and Access Manager to manage users and sessions, define realm settings, and federate external user databases.


Component: ITKOVS


 1. Log in to Identity and Access Manager.
 2. Choose User Federation.
 3. Choose Add provider...
 4. From the Vendor dropdown, choose your LDAP provider.
 5. In Connection URL, enter the connection URL of your LDAP server.
 6. Click the "Test connection" pushbutton to verify the connection.
    It should display "Success! LDAP connection successful." at the top of the webpage.
 7. In Users DN, type the LDAP tree where your users are, for example: ou=users,ou=north america,dc=ca,dc=com
 8. In Bind DN, type the user DN that will access your LDAP server to validate users, for example: cn=serviceacct,ou=users,ou=north america,dc=ca,dc=com
 9. In Bind Credential, enter the password for that user DN.
10. Click the "Test authentication" pushbutton to authenticate the credentials.
    It should display "Success! LDAP authentication successful." at the top of the webpage.
11. All other fields can be left at their default values.

Configuring an LDAP Default Role for Users to View Services from Virtual Service Catalog

12. Choose the Mappers tab.
13. Choose Create (pushbutton on the right).
14. In the Name field, type default_role_mapper
15. In the Mapper Type field, choose hardcoded-ldap-role-mapper from the dropdown.
16. In the Role field, type virtual-service-catalog.service_catalog_user (selecting it through the UI will not work).
17. Click Save.

When users log in to the Virtual Service Catalog, they are added to Users with the default role, which only lets them view services. They do not need to join any groups unless they also need elevated access.
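A pre-flight check for the values typed in steps 5, 7, 8 and 16, given here as an added example that is not part of the original article or of the product. The function names, the host `ldap.example.com` and the reading of the Role value as `<client>.<role>` are assumptions; the DNs are the article's own examples.

```python
import re
from urllib.parse import urlsplit
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")

def parse_dn(dn):
    """Split a DN on unescaped commas into lower-cased (attribute, value) pairs."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        m = RDN.match(part)
        if not m:
            raise ValueError(f"malformed RDN {part!r}")
        pairs.append((m.group(1).lower(), m.group(2).lower()))
    return pairs

def preflight(connection_url, users_dn, bind_dn, role):
    """Return findings for the values entered in steps 5, 7, 8 and 16."""
    findings = []
    url = urlsplit(connection_url)
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("url: expected ldap://host[:port] or ldaps://host[:port]")
    elif url.scheme == "ldap":
        findings.append("url: ldap:// carries the Bind Credential in cleartext "
                        "unless StartTLS is enabled; prefer ldaps://")
    parsed = {}
    for label, dn in (("users_dn", users_dn), ("bind_dn", bind_dn)):
        try:
            parsed[label] = parse_dn(dn)
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
    if len(parsed) == 2:
        users, bind = parsed["users_dn"], parsed["bind_dn"]
        # The bind account is under the user search base when its DN ends with Users DN.
        if len(bind) > len(users) and bind[-len(users):] == users:
            findings.append("bind_dn: service account sits inside Users DN, so it is "
                            "in scope for federation like any other user entry")
    # Assumption: the Role value has the form <client>.<role>, as the page's value does.
    if not re.fullmatch(r"[^\s.]+\.[^\s.]+", role):
        findings.append("role: expected <client>.<role> with no spaces")
    return findings

# Constructed sample input: the DNs are the page's examples, the host is made up.
SAMPLE = preflight(
    "ldap://ldap.example.com:389",
    "ou=users,ou=north america,dc=ca,dc=com",
    "cn=serviceacct,ou=users,ou=north america,dc=ca,dc=com",
    "virtual-service-catalog.service_catalog_user",
)
if __name__ == "__main__":
    print("\n".join(SAMPLE) or "no findings")
```

With the article's example DNs, the check reports the cleartext URL and the fact that the bind account lives under the Users DN. Placing the service account in a separate branch and using `ldaps://` clears both findings.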
