Does Spectrum Server support LDAP Group level authentication?


Article ID: 206275


Updated On:


CA Spectrum


Does Spectrum Server support LDAP Group level authentication?









Release : 10.4.x

Component : Spectrum Core / SpectroSERVER


LDAP group authentication was added in Spectrum 10.4.2 and there are steps to be followed to configure this:

LDAP User Group Authentication
From 10.4.2, you can log in to 
DX NetOps Spectrum
 when it is integrated with LDAP even if the user is not present in 
DX NetOps Spectrum
. The user is automatically created in 
DX NetOps Spectrum
 during the first login. However, only those users who are part of the configured LDAP user groups in 
DX NetOps Spectrum
 can log in automatically. In 
DX NetOps Spectrum
, the administrator must manually create a user group in all the landscapes with the same group name and required privileges as present in LDAP.
Review the following points:
  • The user model is created in 
    DX NetOps Spectrum
     in all the available landscapes in which the user group is present.
  • If any landscape is down when the user logs in, then you must manually create the user in the landscape when the landscape is available.
  • If the user is removed from the LDAP server, then the user must be manually removed from the 
    DX NetOps Spectrum
     user group in every landscape.
  • If the user is moved from one user group to another in the LDAP server, then you must do it manually in the 
    DX NetOps Spectrum
     groups. However, login of the user is not affected for the user even if the user is not moved in 
    DX NetOps Spectrum
  • If the user is part of the multiple groups in the LDAP server and matched with the multiple groups configured in 
    DX NetOps Spectrum
    , then the first matching group is considered for the user authentication. In this case, the order in which the LDAP server returns the user group names is random. Therefore, matching is not always the same.
Follow these steps:
  • Log in to OneClick Console.
  • Create a user group with the same name as present in the LDAP server.
  • Copy the 
     file from the 
     directory to the 
  • Edit the 
  • Set the property 
    LDAPGroups authEnabled
     as shown in the following example:
    <LDAPGroups authEnabled="false"> To <LDAPGroups authEnabled="true">
    If the LDAP groups are configured and the 
    LDAP groups authEnabled
     property is not set to true, the LDAP user cannot be authenticated in 
    DX NetOps Spectrum
  • Add the group search tag and the search string for each LDAP group.
    <Group searchTag="memberOf" searchString="CN=group_name,CN=Users,DC=company,DC=local"/>
    Ensure that 
    DX NetOps Spectrum
     contains the user group with the same name as in the LDAP server.
  • Save the file.
  • Restart the OneClick server.

Additional Information

LDAP User Group Authentication