How to configure CA Business Intelligence R2 for LDAP authentication and integrate with Service Desk?

book

Article ID: 52751

calendar_today

Updated On:

Products

CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Description:

This document explains the steps involved in configuring CA Business Intelligence R2 for LDAP authentication. It also describes the changes required on Service Desk to integrate with CABI using LDAP authentication.

Solution:

CA Business Intelligence (CABI) provides the LDAP security plug-in (secLDAP) that allows mapping user accounts and groups from a LDAP directory to CA Business Intelligence.

Integrating CA Business Intelligence with LDAP allows you to assign LDAP aliases to existing users if their usernames match in CABI.

Steps to configure LDAP authentication within CABI

  1. Login to Central Management Console as Administrator

  2. Under Manage Section, select Authentication (see Figure 1)

    Figure 1

    <Please see attached file for image>

    Figure 1

  3. In the Authentication window, select the LDAP tab

  4. Click on Start LDAP configuration Wizard button (see Figure 2)

    Figure 2

    <Please see attached file for image>

    Figure 2

  5. In the Add LDAP host field, add the hostname with the port number of the LDAP server as hostname:port_number and click on Add (see Figure 3)

    Figure 3

    <Please see attached file for image>

    Figure 3

  6. Click on Next

  7. Select the LDAP Server Type from the drop down. If you are using Windows Active Directory, select custom. In this example Novell eDirectory is used (see Figure 4)

    Figure 4

    <Please see attached file for image>

    Figure 4

    All environments are different in one way or another so you may have the need to change your attribute mappings. If you click Show Attribute Mappings you have the ability to change the LDAP attribute mappings.

    Figure 5

    <Please see attached file for image>

    Figure 5

    Typical Microsoft Active Directory Mappings would look like this.

    Figure 6

    <Please see attached file for image>

    Figure 6

  8. Click Next

  9. In the Base LDAP Distinguished Name field enter the Search Base Ex: o=Myorg,dc=MyDomain (see Figure 7)

    Figure 7

    <Please see attached file for image>

    Figure 7

  10. Click on Next

  11. In the Distinguished name field enter the LDAP DN of the user who has access to the LDAP server.

  12. In the Password field enter the password for the Admin user (see Figure 8)

    Figure 8

    <Please see attached file for image>

    Figure 8

    LDAP Referral Credentials should be provided only if all the following apply

    • The primary host has been configured to refer to another directory server that handles queries for entries under a specified base.

    • The host being referred to has been configured to not allow anonymous binding.

    • A group from the host being referred to will be mapped to BusinessObjects Enterprise.

  13. Click on Next

  14. Type of SSL authentication is Basic. Click Next

  15. LDAP single sign-on authentication is Basic (No SSO), Click Next

  16. In the LDAP aliases configuration screen, it is recommended to leave the default settings. Click Next

  17. Click Finish. This will display all the settings under the LDAP tab (see Figure 9)

    Figure 9

    <Please see attached file for image>

    Figure 9

  18. In the Mapped LDAP Members Groups, specify the LDAP group name which contains the users who need access to CABI. Enter the CN or the DN of the group and click on Update (see Figure 10)

    Figure 10

    <Please see attached file for image>

    Figure 10

  19. Click on Home link to go back to home page of the Central Management Console.

  20. Select Users. From the list of users, if you have a matching LDAP user selects the user (i.e. ServiceDesk)

  21. In the ServiceDesk user details screen, scroll down and click on New Alias (see Figure 11)

    Figure 11

    <Please see attached file for image>

    Figure 11

  22. In the Account Name field, enter the LDAP userid and click Ok. It will fetch the user information and assign the alias (see Figure 12)

    Figure 12

    <Please see attached file for image>

    Figure 12

  23. Click on Update

  24. Now you can login to Infoview using LDAP authentication (see Figure 13)

    Figure 13

    <Please see attached file for image>

    Figure 13

Steps to configure CABI options in ServiceDesk for LDAP authentication

  1. Login to ServiceDesk with an Administrator type account

  2. Go to Administration -> Options Manager -> Web Report

  3. Change the bo_server_auth option to secExternal (see Figure 14)

    Figure 14

    <Please see attached file for image>

    Figure 14

  4. Recycle the CA Service Desk service.

  5. Login to Service Desk as the LDAP user and click on Reports tab. The reports are displayed after getting authenticated by both the LDAP server and CABI.

Environment

Release:
Component: ARGIS

Attachments

1558720965625000052751_sktwi1f5rjvs16vvp.gif get_app
1558720963567000052751_sktwi1f5rjvs16vvo.gif get_app
1558720961499000052751_sktwi1f5rjvs16vvn.gif get_app
1558720959711000052751_sktwi1f5rjvs16vvm.gif get_app
1558720957732000052751_sktwi1f5rjvs16vvl.gif get_app
1558720955804000052751_sktwi1f5rjvs16vvk.gif get_app
1558720953930000052751_sktwi1f5rjvs16vvj.gif get_app
1558720952008000052751_sktwi1f5rjvs16vvi.gif get_app
1558720950084000052751_sktwi1f5rjvs16vvh.gif get_app
1558720947912000052751_sktwi1f5rjvs16vvg.gif get_app
1558720945910000052751_sktwi1f5rjvs16vvf.gif get_app
1558720944121000052751_sktwi1f5rjvs16vve.gif get_app
1558720942029000052751_sktwi1f5rjvs16vvd.gif get_app
1558720939551000052751_sktwi1f5rjvs16vvc.gif get_app