Are there any limitations on using Active Directory as the LDAP server when configuring LDAP authentication?
Article ID: 54150
Updated On:
Products
CA IT Asset Manager
CA Software Asset Manager (CA SAM)
ASSET PORTFOLIO MGMT- SERVER
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
Issue/Introduction
Description:
CA Business Intelligence provides both Active Directory authentication and LDAP authentication separately. This document explains the limitations of using Active Directory as a LDAP server instead of using Active Directory authentication.
Solution:
The following limitations apply, if LDAP is configured against Active Directory:
- You will be able to map your users, however, you will not be able to configure either single sign-on or single sign-on to the database.
- Users who are only members of a default groups from AD will not be able to log in successfully. Users must also be a member of another explicitly created group in AD and, in addition, this group must be mapped. An example of such a group is the "domain users" group.
- If a mapped domain local group contains a user from a different domain in the forest, the user from a different domain in the forest will not be able to log in successfully.
- Users from universal group from a domain different than the DC specified as the LDAP host will not be able to log in successfully.
It is recommended that Active Directory authentication be used separately to configuring AD with LDAP authentication.
Environment
Release:
Component: ARGIS
Component: ARGIS
Feedback
Yes
No
Powered by
