How to configure CA Business Intelligence (CABI) R3 for LDAP authentication and integrate with CA Service Desk Manger (CA SDM)

book

Article ID: 48697

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

This document explains the steps involved in configuring CA Business Intelligence (CABI) R3 for LDAP authentication. It also describes the changes required within CA Service Desk Manager (CA SDM) to integrate with CABI using LDAP authentication.

Solution:

Steps to configure LDAP authentication within CABI

  1. Login to the CABI Central Management Console (CABI) with an Administrator account.
  2. On the home screen, select AUTHENTICATION.

    <Please see attached file for image>

    Figure 1

  3. In the Authentication window, double-click on LDAP.

    <Please see attached file for image>

    Figure 2

  4. Click on the 'Start LDAP Configuration Wizard' button.

    <Please see attached file for image>

    Figure 3

  5. In the 'Add LDAP host' field, add the LDAP hostname with the port number of the LDAP server as LDAP_hostname:port_number and click on the ADD button and click NEXT.

    <Please see attached file for image>

    Figure 4

  6. Select the LDAP Server Type from the drop down. In this example, Microsoft Active Directory Application server is used.

    <Please see attached file for image>

    Figure 5

    All LDAP environments and configurations are different in one way or another so you may have to change the attribute mappings. If unsure about the attribute mappings, please consult with your LDAP Administrator for the exact attribute settings to be used.

    If you click 'Show Attribute Mappings' you will have the ability to change the LDAP attribute mappings.

    <Please see attached file for image>

    Figure 6

    Typical Microsoft Active Directory Mappings would look like this.

    Note: Notice that if you change any of the Attribute Mappings, the LDAP Server Type will change to CUSTOM - this is expected.

    <Please see attached file for image>

    Figure 7

  7. Click NEXT.
  8. In the Base LDAP Distinguished Name field, enter the Search Base (i.e O=Myorg,DC=MyDomain) and click on NEXT.

    <Please see attached file for image>

    Figure 8

  9. In the Distinguished Name field enter, the LDAP DN of the user who has access to the LDAP server. In the Password field, enter the password for the user entered. LDAP Referral Credentials should be provided only if all the following apply (usually not required:
    • The primary LDAP host has been configured to refer to another directory server that handles queries for entries under a specified base
    • The LDAP host being referred to has been configured to not allow anonymous binding
    • A group from the LDAP host being referred to will be mapped to CABI

    Click NEXT to continue.

    <Please see attached file for image>

    Figure 9

  10. Select Basic (no SSL) in the Type of SSL authentication drop-down field and click NEXT.

    <Please see attached file for image>

    Figure 10

  11. Slect Basic (No SSO) in the Authentication drop-down field and click NEXT.

    <Please see attached file for image>

    Figure 11

  12. In the LDAP Aliases Configuration screen, it is recommended to use the following settings:

    <Please see attached file for image>

    Figure 12

    Click NEXT to continue.

  13. Click FINISH to save the LDAP settings entered.

    <Please see attached file for image>

    Figure 13


  14. In the Mapped LDAP Members Groups section, specify the LDAP group(s) which contains the LDAP users who will need access to CABI Reports. You can enter either the CN or the DN of the LDAP group and then click on the ADD button.

    <Please see attached file for image>

    Figure 14


  15. Click the UPDATE button at the bottom of the page. At the top, you should see the message LDAP Authentication Updated.

    <Please see attached file for image>

    Figure 15

  16. Click on the HOME

    <Please see attached file for image>

    Figure 16 button to return to the home page of the Central Management Console.
  17. Click USERS AND GROUPS and then select USERS LIST. From the list of users, you should now see CABI accounts for the LDAP users that are in the LDAP group(s) you specified in step #14.
  18. Click on GROUP LIST. You should see the LDAP group(s) entered in step #14 listed. Depending on the CABI report rights you wish to assign to the LDAP users, add the LDAP group to one of the out of box CABI CA Report groups - CA Report Admin, CA Report Author or CA Report Viewer.

Note: At a minimum, CABI users must be at least a member of the CA Report Viewer CABI group in order to view/run CABI reports.

Steps to configure CABI options in CA SDM for LDAP authentication

  1. Login to CA SDM with an account that has Administrator privileges
  2. Navigate to ADMINISTRATION-> OPTIONS MANAGER-> WEB REPORT
  3. Change the BO_SERVER_AUTH option to secLDAP

    Note: This document presumes that the other necessary steps to integrate CABI with CA SDM have already been performed. If not, please refer to the 'Integrate CA Business Intelligence with CA SDM' section of the CA SDM Implementation Guide for further details.

    Note: As long as the BO_SERVER_AUTH option is "Installed", it does not matter what value it is set to (ex: secExternal or secLDAP etc.,) Just Installing the option is good enough for CA SDM.

  4. Recycle the CA SDM service for the change to take effect.
  5. Login to CA SDM with a user that has a LDAP CABI account and click on the REPORTS tab. The CABI reports are displayed after the user is authenticated by both the LDAP server and CABI.

Environment

Release:
Component: SDBOXI

Attachments

1558721632631000048697_sktwi1f5rjvs16w54.gif get_app
1558721630868000048697_sktwi1f5rjvs16w53.gif get_app
1558721628926000048697_sktwi1f5rjvs16w52.gif get_app
1558721627211000048697_sktwi1f5rjvs16w51.gif get_app
1558721625462000048697_sktwi1f5rjvs16w50.gif get_app
1558721623741000048697_sktwi1f5rjvs16w4z.gif get_app
1558721621948000048697_sktwi1f5rjvs16w4y.gif get_app
1558721619924000048697_sktwi1f5rjvs16w4x.gif get_app
1558721617390000048697_sktwi1f5rjvs16w4w.gif get_app
1558721615116000048697_sktwi1f5rjvs16w4v.gif get_app
1558721613247000048697_sktwi1f5rjvs16w4u.gif get_app
1558721611490000048697_sktwi1f5rjvs16w4t.gif get_app
1558721609745000048697_sktwi1f5rjvs16w4s.gif get_app
1558721608055000048697_sktwi1f5rjvs16w4r.gif get_app
1558721605655000048697_sktwi1f5rjvs16w4p.gif get_app