Documentation Links for Configuring LDAP Authentication in Harvest
Article ID: 187324
Updated On:
Products
Issue/Introduction
How to get LDAP authentication working with Harvest
Environment
Release : 13.x, 14.x
CA Harvest Software Change Manager
Resolution
In the Harvest SCM documentation, the Installation Guide is your best source of information. There are bits and pieces on LDAP authentication all throughout this document, but in particular, you should review the following:
Chapter: Installing CA Harvest SCM on Windows
How to Prepare for the OpenLDAP Installation
Chapter: Configure Broker and Server on UNIX, Linux, and zLinux
Configure-Broker-and-Server-on-UNIX,-Linux,-and-zLinux
See the section titled "External Authentication Configuration" (no hyperlink for this, so you'll have to look for it).
There is a special command line utility you can use to test your LDAP settings before adding them to your HServer.arg file:
hauthtst Command-Authentication Server API Test
In the Knowledge Base, there are several articles as well. Some of these might be a bit older, but the concepts are all there. You should review:
| Article ID | Title |
Desc |
| 55183 | Converting Harvest from Internal to LDAP authentication | External authentication relies on a Lightweight Directory Access Protocol (LDAP) v3-compliant LDAP server, such as Microsoft Active Directory, IBM Tivoli, or Novell eDirectory, to validate the credentials (user names and passwords) and allow users to log in to Harvest. With that sa.... |
| 55234 | Streamlining LDAP Authentication in Harvest | NOTE: LDAP stands for Lightweight Directory Access Protocol. Lightweight Directory Access Protocol provides a good overview of LDAP, including links to sites with more information. My |
| 39892 | Using External Ldap Groups in Harvest | Background: An LDAP directory is a database that can contain directory entries of many different types. It also has the ability to leverage user groups and memberships already defined within your LDAP directory. When Harvest has a task that involves an External user group, what it does is contact the LDAP se.... |
| 69423 | Selecting LDAP user attributes to Synchronize with Harvest | Once Harvest is set up to use external authentication with LDAP, user attributes cannot be changed from the Harvest Administrator Tool. Instead, Harvest will update/synchronize values that you have mapped from the LDAP server into the Harvest database for each user., The parameters you can use to collect information about Harvest users so that it is available to CA Harvest SCM are: -ldapattrusrname= -ldapattrusrfullname= -ldapattrusrp |
| 55323 | Implementing SSL or TLS to LDAP server in Harvest | This article describes how to configure Harvest servers to use either of these protocols when communicating with an openLDAP (Lightweight Directory Access Protocol) server. , Some Microsoft Windows Server, however, uses Active Directory Service Interfaces (ADSI) version 2.5, which only supports SSL (also known a |
| 41335 | LDAP Setting Troubleshooting Tools for Harvest | When having trouble validating the LDAP settings for Harvest, which tools could help? , Third-party GUI LDAP browsers, such as SysinternalsSuite Active Directory Explorer, could be used to verify your LDAP settings and that the user indeed exists in LDAP. It is a stand-alone LDAP connectivity test program. It |
| 206322 | Building a Hauthtst Command from HServer.arg | Is there a way to easily create a hauthtst command from the contents of the HServer.arg?, Here are the steps to follow: Copy and paste the contents of your HServer.arg file into a text editor Remove all lines that don't start with "-authmode", "-ldap*", or "-tls*" For all remaining lines, put an "=" sign between the name of the option and the value, for example: -authmode=openldap For any line where the value has spaces or special characters, be sure to enclose the |
| 48862 | Recommended LDAP sync schedule for Harvest SCM configurations | How often should SCM synchronize with the LDAP directory? , When SCM synchronizes with the LDAP server, what it is doing is reading through the LDAP directory refreshing any changes in the properties for users listed in the haruser table. In addition to automatic synchronization with LDAP, every time you start |
Feedback
