Does Spectrum Server support LDAP Group level authentication?
book
Article ID: 206275
calendar_today
Updated On:
Products
CA Spectrum
Issue/Introduction
Does Spectrum Server support LDAP Group level authentication?
Environment
Release : 10.4.x
Component : Spectrum Core / SpectroSERVER
Resolution
LDAP group authentication was added in Spectrum 10.4.2 and there are steps to be followed to configure this:
LDAP User Group Authentication
From 10.4.2, you can log in to
DX NetOps Spectrum
when it is integrated with LDAP even if the user is not present in
DX NetOps Spectrum
. The user is automatically created in
DX NetOps Spectrum
during the first login. However, only those users who are part of the configured LDAP user groups in
DX NetOps Spectrum
can log in automatically. In
DX NetOps Spectrum
, the administrator must manually create a user group in all the landscapes with the same group name and required privileges as present in LDAP.
Review the following points:
The user model is created in
DX NetOps Spectrum
in all the available landscapes in which the user group is present.
If any landscape is down when the user logs in, then you must manually create the user in the landscape when the landscape is available.
If the user is removed from the LDAP server, then the user must be manually removed from the
DX NetOps Spectrum
user group in every landscape.
If the user is moved from one user group to another in the LDAP server, then you must do it manually in the
DX NetOps Spectrum
groups. However, login of the user is not affected for the user even if the user is not moved in
DX NetOps Spectrum
.
If the user is part of the multiple groups in the LDAP server and matched with the multiple groups configured in
DX NetOps Spectrum
, then the first matching group is considered for the user authentication. In this case, the order in which the LDAP server returns the user group names is random. Therefore, matching is not always the same.
Follow these steps:
Log in to OneClick Console.
Create a user group with the same name as present in the LDAP server.