CA Service Management


Service Catalog Login After EEM LDAP

  • 1.  Service Catalog Login After EEM LDAP

    Posted Jan 02, 2019 07:48 AM

    I was using EEM pointing to internal database and now I pointed it to an LDAP directory.

    After that I changed EEM user permissions from Process Automation (pamadmin) and Service Catalog (spadmin) but I am only able to log in to Process Automation.

    If I try to log in to Service Catalog I receive a message of user, password or business unit invalid.

    This is my dev environment but the AD was my prod Env and I have the pamadmin and spadmin users created in this AD and it is working in Prod Env.

    Are there some more changes that I need to make for Catalog to work?



  • 2.  Re: Service Catalog Login After EEM LDAP

    Broadcom Employee
    Posted Jan 02, 2019 08:33 AM

    Good Morning Paulo.

    Please explain in detail what you mean with:
    "After that I changed EEM user permissions from Process Automation (pamadmin) and Service Catalog (spadmin) but I am only able to log in to Process Automation."

     

    In general, before you configure EEM for AD, you need to create some 'objects' in AD first:
    Users: casmadmin, spadmin, pamadmin
    Group: OpenSpaceAdminGroup, with the above users as members

     

    Kind regards, Louis.



  • 3.  Re: Service Catalog Login After EEM LDAP

    Posted Jan 02, 2019 08:40 AM

    Hi Louis

     

    These users and groups are already created and are working in the Prod environment, because this AD is my prod server that is configured in my Prod EEM.

    I need to do some tests so I pointed this same Prod AD to my Dev EEM.

    After configuring AD in EEM I accessed the EEM PAM and Catalog Applications and configured the new spadmin and pamadmin user permission in the respective applications, but only PAM worked.

    I was not able to log in to Catalog.



  • 4.  Re: Service Catalog Login After EEM LDAP

    Broadcom Employee
    Posted Jan 02, 2019 08:39 AM

    Good Morning Paulo.

     

    Can you log in to EEM with userid(s) spadmin, casmadmin and pamadmin?

    Do these userids show in the EEM Users list?

     

    Kind regards, Louis.



  • 5.  Re: Service Catalog Login After EEM LDAP

    Posted Jan 02, 2019 08:44 AM

    Yes, I'm able to log in and the users appear when I search for users.



  • 6.  Re: Service Catalog Login After EEM LDAP

    Broadcom Employee
    Posted Jan 02, 2019 08:46 AM

    Hi Paulo. Thanks for your reply.

     

    Why would you 'change the new spadmin and pamadmin user permission'?

    As 'spadmin' is still 'spadmin', right? In both Prod and Dev environment.

     

    By the way, it is better practice to have a separate AD for your Dev-EEM.

     

    Kind regards, Louis.



  • 7.  Re: Service Catalog Login After EEM LDAP

    Posted Jan 02, 2019 08:54 AM

    I changed the spadmin and pamadmin user permissions inside EEM respective applications for the AD users.

    After not changing PAM application permissions I was not able to log in to PAM.

    But for Catalog even changing permissions in Catalog EEM application make me able to log in to Catalog.



  • 8.  Re: Service Catalog Login After EEM LDAP

    Broadcom Employee
    Posted Jan 02, 2019 08:59 AM

    Hi Paulo.

     

    Sorry, I am out of options now.

    Perhaps someone else in the Community can help you further.

    Otherwise, I propose to open a standard case for full Support and follow-up.

     

    Thanks for your understanding and kind regards, Louis.



  • 9.  Re: Service Catalog Login After EEM LDAP

    Posted Jan 02, 2019 09:07 AM

    Thanks for help.

    I will wait more time and if nobody in the community could help I will open a standard case.



  • 10.  Re: Service Catalog Login After EEM LDAP

    Posted Jan 03, 2019 11:56 AM

    I am not sure I fully understand what you are trying to accomplish; however, it seems as if there may be some confusion as to how EEM integrates with Service Management apps. For PAM, EEM handles account role management; in the case of LDAP, authentication management is passed through. Altering PAM accounts is done in EEM directly. With Service Catalog it is a little different. While Service Catalog does utilize EEM, users are not managed directly in EEM. Service Catalog is used directly for managing users and it stores the information in EEM for you. The following may not be correct as I am not as familiar with Service Catalog, but I believe the recommended configuration is that Service Catalog would be connected to LDAP separately from EEM for authentication. Once authenticated by SC in LDAP, permissions stored in EEM are used internally in Service Catalog.



  • 11.  Re: Service Catalog Login After EEM LDAP
    Best Answer

    Broadcom Employee
    Posted Jan 11, 2019 06:36 AM

    Good Afternoon Paulo.

     

    Are you okay with this? Or do you need to open a standard case?

     

    Thanks and kind regards, Louis.