Does Spectrum Server support LDAP Group level authentication?

Article ID: 206275


Products

CA Spectrum DX NetOps

Issue/Introduction

Does Spectrum Server support LDAP Group level authentication?

Environment

Release : 10.4.2 - Present

Component : SPCOCK - Spectrum OneClick

Resolution

From 10.4.2, you can log in to DX NetOps Spectrum when it is integrated with LDAP even if the user is not present in DX NetOps Spectrum. The user is automatically created in DX NetOps Spectrum during the first login. However, only those users who are part of the configured LDAP user groups in DX NetOps Spectrum can log in automatically. In DX NetOps Spectrum, the administrator must manually create a user group in all the landscapes with the same group name and required privileges as present in LDAP.

Review the following points:
- The user model is created in DX NetOps Spectrum in all the available landscapes in which the user group is present.
- If any landscape is down when the user logs in, then you must manually create the user in the landscape when the landscape is available.
- If the user is removed from the LDAP server, then the user must be manually removed from the DX NetOps Spectrum user group in every landscape.
- If the user is moved from one user group to another in the LDAP server, then you must make the same move manually in the DX NetOps Spectrum groups. However, the user's login is not affected even if the user is not moved in DX NetOps Spectrum.
- If the user is part of multiple groups in the LDAP server and these match multiple groups configured in DX NetOps Spectrum, then the first matching group is considered for the user authentication. In this case, the order in which the LDAP server returns the user group names is random. Therefore, the matched group is not always the same.

Follow these steps:
- Log in to OneClick Console.
- Create a user group with the same name as present in the LDAP server.
- Copy the ldap-grps-mappings-config.xml file from the $SPECROOT\tomcat\webapps\spectrum\WEB-INF\ldap\config directory to the $SPECROOT\tomcat\custom\ldap\config directory.
- Edit the ldap-grps-mappings-config.xml file.
- Set the property LDAPGroups authEnabled to true as shown in the following example:
  <LDAPGroups authEnabled="false">
  to
  <LDAPGroups authEnabled="true">
  If the LDAP groups are configured and the LDAP groups authEnabled property is not set to true, the LDAP user cannot be authenticated in DX NetOps Spectrum.
- Add the group search tag and the search string for each LDAP group:
  <Group searchTag="memberOf" searchString="CN=group_name,CN=Users,DC=company,DC=local"/>
  Ensure that DX NetOps Spectrum contains the user group with the same name as in the LDAP server.
- Save the file.
- Restart the OneClick server.
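
The following pre-restart check is an added example, not code from Broadcom or from DX NetOps Spectrum. It audits an edited ldap-grps-mappings-config.xml for the conditions described above: authEnabled set to true, complete Group entries, a Spectrum user group with the same name as each LDAP group, and users who match more than one configured group. The group names and sample XML are constructed, and it assumes the Group elements are nested inside LDAPGroups.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Assumes <Group> entries are nested inside <LDAPGroups>.
SAMPLE = """<LDAPGroups authEnabled="false">
  <Group searchTag="memberOf" searchString="CN=NetOps-Admins,CN=Users,DC=company,DC=local"/>
  <Group searchTag="memberOf" searchString="CN=NetOps-ReadOnly,CN=Users,DC=company,DC=local"/>
  <Group searchTag="memberOf" searchString=""/>
</LDAPGroups>"""

def group_name(dn):
    """Value of the leading CN= component of a DN, or None if there is none."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()
    return first[3:] if first.upper().startswith("CN=") else None

def load_groups(xml_text):
    """Return the LDAPGroups element and its (searchTag, searchString) pairs."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "LDAPGroups" else root.find(".//LDAPGroups")
    if node is None:
        raise ValueError("no LDAPGroups element found")
    return node, [(g.get("searchTag", ""), g.get("searchString", ""))
                  for g in node.iter("Group")]

def audit(xml_text, spectrum_groups):
    """List problems that would block LDAP group logins or leave a group unmapped."""
    node, groups = load_groups(xml_text)
    findings = []
    if node.get("authEnabled") != "true":  # literal value shown in the article
        findings.append("authEnabled is not true: LDAP users cannot be authenticated")
    for tag, dn in groups:
        name = group_name(dn)
        if not tag or name is None:
            findings.append(f"incomplete Group entry: searchTag={tag!r} searchString={dn!r}")
        elif name not in spectrum_groups:
            findings.append(f"no Spectrum user group named {name!r}")
    return findings

def matched_groups(xml_text, member_of):
    """Configured groups matched by a user's memberOf values.
    DNs are compared case-insensitively here, which is an assumption."""
    _, groups = load_groups(xml_text)
    have = {dn.lower() for dn in member_of}
    return [group_name(dn) for _, dn in groups if dn and dn.lower() in have]

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"NetOps-Admins"}):
        print("FINDING:", finding)
```

If `matched_groups` returns more than one name for a user, the group that user is authenticated against depends on the order in which the LDAP server returns the groups, so the privileges of every listed group should be reviewed together.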

Additional Information