
LDAP group permission in CA Service Catalog not working when having multiple LDAP servers in EEM


Article ID: 243450


Updated On:


CA Service Catalog CA Service Management - Service Desk Manager


In Catalog, when setting up permissions for a specific service offering, whenever I select an LDAP group, members of this given group are still unable to see the offering.



Release : 17.3

Component : Catalog - EEM


The EEM principal name must match the userid from ca_contact (Catalog/SDM) for the LDAP groups to appear in the Catalog's user profile and for permissions to work properly. With 2 LDAP servers configured, the principal name is <domain>\<userid>, but the userid is just <userid>, so the two do not match.

If you configure the Basic LDAP Configuration (1 LDAP), you will see that this issue does not occur. This is because the Basic configuration does not have a domain, so the principal name matches the userid from ca_contact.
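To see which contacts are affected by the mismatch described above, the following added example (not code from the product or its vendor) compares a list of EEM principal names with a list of ca_contact userids. It assumes both lists have already been exported as plain strings and that comparison is exact and case-sensitive; the domains and users in the sample data are constructed.

```python
"""Added example: reconcile EEM principal names against ca_contact userids."""
from collections import defaultdict


def split_principal(principal):
    """Split '<domain>\\<userid>' into (domain, userid); domain is None if absent."""
    domain, sep, userid = principal.partition("\\")
    return (domain, userid) if sep else (None, principal)


def reconcile(eem_principals, contact_userids):
    """Classify each ca_contact userid against the EEM principal names.

    match     - userid equals a principal name exactly (group lookup can work)
    mismatch  - userid equals only the part after '<domain>\\' of one principal
    ambiguous - the bare userid exists under more than one domain
    unknown   - no principal corresponds to this userid
    """
    exact = set(eem_principals)
    by_bare = defaultdict(set)  # bare userid -> domain-qualified principals
    for principal in eem_principals:
        domain, userid = split_principal(principal)
        if domain is not None:
            by_bare[userid].add(principal)

    report = {}
    for uid in contact_userids:
        candidates = sorted(by_bare.get(uid, ()))
        if uid in exact:
            report[uid] = ("match", [uid])
        elif len(candidates) == 1:
            report[uid] = ("mismatch", candidates)
        elif len(candidates) > 1:
            report[uid] = ("ambiguous", candidates)
        else:
            report[uid] = ("unknown", [])
    return report


# Constructed sample data: two LDAP domains, CORP and LAB (hypothetical names).
EEM_PRINCIPALS = ["CORP\\jsmith", "CORP\\akhan", "LAB\\akhan", "LAB\\mlee"]
CONTACT_USERIDS = ["jsmith", "akhan", "LAB\\mlee", "svc_catalog"]

if __name__ == "__main__":
    for uid, (status, names) in reconcile(EEM_PRINCIPALS, CONTACT_USERIDS).items():
        print(f"{uid:12} {status:10} {', '.join(names)}")
```

Entries reported as "ambiguous" are the ones to review by hand before renaming a userid, because the same bare userid exists in both domains and only one principal can be the right owner of the contact record.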

We have a couple of options:

1. Configure with Basic configuration (1 LDAP) if it's possible

2. Change the userid to <domain>\<userid> to match with EEM principal name

3. Configure User Defined Groups in EEM and configure the user permissions with these groups, not with the global groups from the LDAP server. Link: