LDAP Nested Group Authentication
Article ID: 189276
Updated On:
Products
CA Infrastructure Management
CA Performance Management - Usage and Administration
DX NetOps
Issue/Introduction
Please let us know if DX NetOps supports LDAP nested authentication.
For example, we have two groups. Group A and Group B. We are testing membership against Group A. Group B is a member of Group A. Can members of Group B have access to DX NetOps?
We are finding they cannot.
Environment
Release : 3.7
Component : CA Performance Center
Resolution
CAPC LDAP does not about the hierarchy of groups.
LdapGroups processing does:
1) read the memberOf attribute on the user record provided by ldap.
2) cycle the entries in LdapGroups XML, and if the entry matches an entry in memberOf, we use that userClone.
3) we don't know anything about heirarchy of groups in SSO.
4) if you want sub-groups to be included to use same userClone, you need to add entries to LdapGroups for each subgroup also.
LdapGroups processing does:
1) read the memberOf attribute on the user record provided by ldap.
2) cycle the entries in LdapGroups XML, and if the entry matches an entry in memberOf, we use that userClone.
3) we don't know anything about heirarchy of groups in SSO.
4) if you want sub-groups to be included to use same userClone, you need to add entries to LdapGroups for each subgroup also.
Feedback
Yes
No
Powered by
