How to configure CEM with LDAP authentication using your own LDAP groups

book

Article ID: 6453

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction

How to configure CEM with LDAP authentication using your own LDAP groups?

Cause

From documentation > security section:

"for CA CEM, you must create users and all four default security groups on the LDAP server. For example, on the LDAP server you create the cemadmin user and the CEM System Administrator security group. Then you assign cemadmin as a member of the CEM System Administrator security group, thus providing cemadmin with CEM System Administrator security group permissions."

Environment

Release: CEMUGD00200-9.7-Introscope to CA Application-Performance Management-Upgrade Main
Component:

Resolution

If you would like to use your own LDAP groups, you must use CA EEM as described in the below example:


a) custom LDAP groups:

ABC_CEM_ANALYSTS
ABC_CEM_CONADMINS
ABC_CEM_INCIDENTS
ABC_CEM_SYSADMINS
ABC_CEM_TENANT
ABC_INT_ADMIN
Guest

b) We use the default apm users: admin, cemadmin, guest, etc.

c) Each user has been assigned to the its corresponding APM group using the same user structure as the one provided in the users.xml as below:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB0AAO" alt="1.png" width="636" height="298">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBBAA4" alt="2.png" width="627" height="310">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBFAA4" alt="3.png" width="636" height="327">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBGAA4" alt="4.png" width="635" height="344">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBHAA4" alt="5.png" width="647" height="350">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBIAA4" alt="6.png" width="657" height="322">

 

NOTE: The name or number of LDAP groups is not important as long as you properly allocate the LDAP user or groups to the correct APM policies as documented below:


Step 1: Install and configure EEM with Introscope EM as per KB TEC593939 - How to implement CA EEM and LDAP for Authentication and Authorization of CA APM: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec593939.aspx

Step 2:  Once you finish uploading the safex script, configuring EEM with your LDAP server and reconfiguring your realms.xml in the Introscope EM, you need to update the predefined APM EEM policies with your custom LDAP groups as below:

2a) login to the EEM APM application

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBJAA4" alt="7.png" width="538" height="222">
 
2b) Go to the Manage Access Policies > You will see all the APM policies that have been created when you executed the APM safex scripts.

2c) Update all the APM Policies with your own Global Groups (LDAP groups):

Here is an example when updating the Access Policy:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBKAA4" alt="8.png" width="841" height="468">


Below a quick summary view to all the policies:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBLAA4" alt="9.png" width="1044" height="148">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB1AAO" alt="10.png" width="1034" height="201">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB2AAO" alt="11.png" width="1034" height="200">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB3AAO" alt="12.png" width="1026" height="164">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB4AAO" alt="13.png" width="1030" height="174">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB5AAO" alt="14.png" width="1027" height="166">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB6AAO" alt="15.png" width="1024" height="142">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB7AAO" alt="16.png" width="1019" height="132">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB8AAO" alt="17.png" width="1017" height="173">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKB9AAO" alt="18.png" width="1021" height="138">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBAAA4" alt="19.png" width="1027" height="147">

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBCAA4" alt="20.png" width="1022" height="139">

Step 3: Restart the Introscope EM

Step 4: Login to the CEM console

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBDAA4" alt="21.png" width="768" height="449"> 

You can also verify the results in the log

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKBEAA4" alt="22.png" width="766" height="475">

 

 

 

Attachments

1558714642359000006453_sktwi1f5rjvs16tj0.png get_app
1558714640520000006453_sktwi1f5rjvs16tiz.png get_app
1558714638657000006453_sktwi1f5rjvs16tiy.png get_app
1558714636709000006453_sktwi1f5rjvs16tix.png get_app
1558714634845000006453_sktwi1f5rjvs16tiw.png get_app
1558714632855000006453_sktwi1f5rjvs16tiv.png get_app
1558714631047000006453_sktwi1f5rjvs16tiu.png get_app
1558714629248000006453_sktwi1f5rjvs16tit.png get_app
1558714627490000006453_sktwi1f5rjvs16tis.png get_app
1558714625611000006453_sktwi1f5rjvs16tir.png get_app
1558714623511000006453_sktwi1f5rjvs16tiq.png get_app
1558714621485000006453_sktwi1f5rjvs16tip.png get_app
1558714619541000006453_sktwi1f5rjvs16tio.png get_app
1558714617759000006453_sktwi1f5rjvs16tin.png get_app
1558714615837000006453_sktwi1f5rjvs16tim.png get_app
1558714613866000006453_sktwi1f5rjvs16til.png get_app
1558714612109000006453_sktwi1f5rjvs16tik.png get_app
1558714610376000006453_sktwi1f5rjvs16tij.png get_app
1558714608514000006453_sktwi1f5rjvs16tii.png get_app
1558714606647000006453_sktwi1f5rjvs16tih.png get_app
1558714604813000006453_sktwi1f5rjvs16tig.png get_app
1558714602815000006453_sktwi1f5rjvs16tif.png get_app