search cancel

LDAP Nested Group Authentication

book

Article ID: 189276

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Please let us know if DX NetOps supports LDAP nested authentication.
 
For example, we have two groups. Group A and Group B. We are testing membership against Group A. Group B is a member of Group A. Can members of Group B have access to DX NetOps?
 
We are finding they cannot.

Environment

Release : 3.7

Component : CA Performance Center

Resolution

CAPC LDAP does not about the hierarchy of groups.

LdapGroups processing does:

1) read the memberOf attribute on the user record provided by ldap.
2) cycle the entries in LdapGroups XML, and if the entry matches an entry in memberOf, we use that userClone.
3) we don't know anything about heirarchy of groups in SSO.
4) if you want sub-groups to be included to use same userClone, you need to add entries to LdapGroups for each subgroup also.