Need Advice on Setting UP IAM for Multiple Providers for our Infrastructure
search cancel

Need Advice on Setting UP IAM for Multiple Providers for our Infrastructure

book

Article ID: 189381

calendar_today

Updated On:

Products

CA Cloud Test Mobile CA Application Test

Issue/Introduction

Need some advice on how to configure for the below scenario:

On DevTest 10.5.0 using Derby.
We have users setup in two different LDAP providers, users in both providers.
One LDAP provider is for our Production DevTest environment.
The other LDAP provider is for our Development DevTest environment.

The users in the PROD LDAP provider have lower authority.
The users in the DEV LDAP provider have higher authority.

We have this DevTest infrastructure:

One IAM setup with both PROD and DEV LDAP providers.
One Enterprise Dashboard (EDB) pointing to the one IAM.
PROD Registry and DEV Registry point to the same EDB.

IAM has the PROD LDAP set to priority 0 and the DEV LDAP set to a priority of 1.

Because of the way the LDAP providers are searched, when the user logs in to DevTest and connects to the DEV Registry, it will get the lower authority of the PROD LDAP since this provider is looked at first and the user is in this provider.

One solution is to create an additional IAM and EDB, to keep the PROD and DEV environments apart to have their own IAM and EDB.  So one IAM is configured with just the PROD LDAP provider and the other IAM configured with just the DEV LDAP provider, then have the PROD EDB point to the PROD IAM and the DEV EDB point to the DEV IAM.

We are trying to avoid having to set up a second IAM and EDB.

Any suggestions to keep our current infrastructure without having to create the additional IAM and EDB?


 

Environment

Release : 10.5

Component : CA Service Virtualization

Cause

N/A

Resolution

Suggest having two IAM and Enterprise Dashboard. Configure one LDAP on one IAM and the other LDAP on the other IAM since not able to distinguish the different users that are in both providers in one IAM.

Connect the Enterprise Dashboards accordingly to IAM.

Connect the Registries accordingly to Enterprise Dashboards.