is there a way how to configure CA EEM as a proxy for one MS Active Directory and for another CA EEM (or other LDAP)?
The customer has internal analysts in the Active Directory and external users are in the separate DB. The idea was to store external users in CA EEM (EEM2 in internal user store mode) and use another CA EEM (EEM1) as a proxy for the Active Directory and the EEM2. The basic concept is in the picture below.
Maintaining the external users in the internal AD is not the option for the customer.
Thank you for your ideas,
I'm not sure about EEM, but the included CA Directory can act as a frontent for other LDAP Servers. I think I've done such a setup in the past - AD mapped to an OU and another DSA (CA Directory) mapped to another OU, unified under the same DSA (CA Directory). EEM was configured to look up identitied under the new - umbrella - DSA.
* Connect to Other LDAP Servers - CA Directory - 12.0.15 - CA Technologies Documentation
* Prefix Mapping - CA Directory - 12.0.15 - CA Technologies Documentation
thank you so much for your reply...
Do you have some hints or maybe documentation from your previous project where some basic steps are described? I've never worked with CA Directory and with LDAP generally. I've red some parts of CA Directory documentation, but I'm not able even to find and start the JXweb tool.
Another question - how can I find which version of CA Directory goes with CA EEM 220.127.116.11? On the CA wiki there are many versions from 12 to 14.
Have a great day and thanks again,
There's a really old doc on this item, maybe that gives you some ideas: Using CA Directory to point CA Service Desk to mul - CA Knowledge
Keep in mind, CA Directory team does not support this approach anymore
Finally, I tried another approach for maintaining external users instead of another EEM - Microsoft Active Directory Lightweight Directory Services (AD LDS - previously known as ADAM). The main reason was that CA EEM supports integration to multiple MS AD domains and AD LDS can be set as one of them - so no CA Directory black magic is needed and everything can be done easily via CA EEM interface.
Steps to set up EEM - AD LDS integration
mitu, Raghu.Rudraraju, thanks so much for your ideas,
Thanks for sharing with the rest of the community!
Thank you for sharing the details Jakub. I'm sure this will help others too in future.
The CA Directory approach above was doing a similar thing, it serves as a light weight directory.