We are planning an LDAP integration. In it we are asked for a Server URL; does it mean we have to provide a URL of the LDAP server?
Add an LDAP Authentication System to the Topology
Or do we have to provide the AD fully qualified name in URL format, like below?
Server URL: ldaps://wade.corp.abc.com:636
My server name: wade.corp.abc.com.
Also, in the SSL certificate I have to provide the SAN: the complete URL above (ldaps://wade.corp.abc.com:636), or is only the AD fully qualified name fine, like this: wade.corp.abc.com?
Could anyone assist me on this?
Please see this link for SSL. Have your admin export the SSL certificate, which will need to be added to the keystore. Next, add the LDAP to the Topology with the SSL store and password; see here.
I'm not seeing the complete users from the downloaded list; a few users are not downloaded.
Also, it says users are listed as per the specified limit, though I have set the download limit to around 30000.
But I'm seeing a few users imported and am able to log in successfully using AD credentials.
Also seeing the below sort of messages in the tracelog:
Invalid user name: CASTILLO, JUAN ALBERTO, ldap agent: LdapAgent[LdapServerConfiguration[configurationName=NALDAP, url=ldap://<LDAP Server>:3268, javax.naming.ldap.InitialLdapContext@44a29c37]20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: [2023-09-08_11:39:38.6 Invalid user name: ACOSTA, MAYR=com, SSLEnabled=false, index=1], javax.naming.ldap.InitialLdapContext@44a29c37]80]20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: [2023-09-08_11:39:38.680] Invalid user name: ACOSTA, MAYR
As the message indicates, the user name has an invalid character ',', which is why it is not getting imported into dSeries.
In dSeries, the allowed user name characters are @$_-. Please refer to the article: https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/ca-workload-automation-de/12-3/securing/authenticating-users-to-the-server-using-ldap/configuring-ca-workload-automation-de-to-work-with-an-ldap-server/import-an-ldap-user-to-the-ca-workload-automation-de-server.html
Hope it helps!
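The two points raised in this thread (what goes in the Server URL versus the certificate SAN, and which user name characters dSeries accepts) can both be checked before an import is attempted. The following is an added example written for this thread; it is not code from the original posts or from Broadcom's dSeries product. It assumes that letters and digits are permitted alongside the special characters @$_-. quoted in the answer above (the thread does not spell this out, but the names that did import plainly contain them), and the tracelog lines it scans are constructed to match the shape of the WARN messages shown earlier, with one made-up name added.

```python
"""Added example (not from the thread or from Broadcom/dSeries).

1. Splits a Server URL such as ldaps://host:636 into scheme, host and port,
   so the bare host name can be compared against a certificate's DNS SANs.
2. Checks LDAP user names against the permitted character set and reports
   which characters in a rejected name are the problem.
"""
import re
from urllib.parse import urlsplit

# Special characters quoted in the answer; letters/digits are an assumption.
ALLOWED_SPECIALS = "@$_-."
_NAME_RE = re.compile(r"^[A-Za-z0-9" + re.escape(ALLOWED_SPECIALS) + r"]+$")
# Matches the 'Invalid user name: <name>, ldap agent: ...' wording from the tracelog.
_LOG_RE = re.compile(r"Invalid user name: (?P<name>.+?)(?:, ldap agent:|$)")

# Constructed sample tracelog lines, patterned after the thread's WARN messages.
SAMPLE_TRACELOG = [
    "20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: "
    "Invalid user name: CASTILLO, JUAN ALBERTO, ldap agent: LdapAgent[constructed]",
    "20230908 11:39:38.690 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: "
    "Invalid user name: O'BRIEN, PAT, ldap agent: LdapAgent[constructed]",
    "20230908 11:39:38.700 [ldap] [INFO] unrelated line with no user name",
]


def parse_server_url(url):
    """Return (scheme, host, port); port defaults to 636 for ldaps, 389 for ldap."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("no host name in URL")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.scheme, parts.hostname, port


def san_matches(url, san_dns_names):
    """True when the bare host from the URL is among the certificate's DNS SANs.

    A SAN entry is a host name (wade.corp.abc.com), never a full URL, so an
    entry like 'ldaps://wade.corp.abc.com:636' will not match.
    """
    _, host, _ = parse_server_url(url)
    return any(host.lower() == san.lower() for san in san_dns_names)


def is_valid_user_name(name):
    """True when every character of name is in the permitted set."""
    return bool(name) and _NAME_RE.match(name) is not None


def offending_chars(name):
    """Characters of name outside the permitted set, deduplicated, in order seen."""
    seen = []
    for ch in name:
        if not _NAME_RE.match(ch) and ch not in seen:
            seen.append(ch)
    return seen


def names_from_tracelog(lines):
    """Pull the rejected user names out of 'Invalid user name' tracelog lines."""
    names = []
    for line in lines:
        m = _LOG_RE.search(line)
        if m:
            names.append(m.group("name").strip())
    return names


def report(lines):
    """Map each rejected name in the tracelog to the characters that caused it."""
    return {name: offending_chars(name) for name in names_from_tracelog(lines)}


if __name__ == "__main__":
    print(parse_server_url("ldaps://wade.corp.abc.com:636"))
    print(san_matches("ldaps://wade.corp.abc.com:636", ["wade.corp.abc.com"]))
    for name, bad in report(SAMPLE_TRACELOG).items():
        print(f"{name!r} rejected because of {bad}")
```

Running the script shows that the Server URL parses to the host wade.corp.abc.com on port 636, that this bare host name is what must appear in the certificate's DNS SAN, and that the two sample tracelog names are rejected because of the comma and space (and, in the constructed second name, the apostrophe), which matches the explanation above: the fix is to clean the names on the LDAP side or choose a different LDAP attribute as the user name.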
Thanks for your response.
Yes, I have already seen the document; I might have overlooked ','. I thought CA would support the ',' character also.
Is there any configuration that can be changed to allow ',' also, or do we need to work at the LDAP end only?
Could you please confirm that?
It should be configured at LDAP level only. There is no setting on dSeries side to allow ',' character.