ESP dSeries Workload Automation

  • 1.  LDAP Integration to work with CA work automation DE

    Posted Aug 05, 2023 04:52 AM

    Hi Team,

    We are planning LDAP integration, and in it we are asked for a Server URL. Does it mean we have to provide a URL of the LDAP server?

    Add an LDAP Authentication System to the Topology

    Server URL:  

    Or do we have to provide the AD fully qualified name in URL format, like below?

    Server URL: ldaps://wade.corp.abc.com:636

    My server name: wade.corp.abc.com.

    Also, in the SSL certificate I have to provide the SAN: the complete URL above (ldaps://wade.corp.abc.com:636), or is only the AD fully qualified name fine, like this: wade.corp.abc.com?

    Could anyone assist me with this?



  • 2.  RE: LDAP Integration to work with CA work automation DE

    Broadcom Employee
    Posted Aug 08, 2023 09:06 AM

    Hi,

    Please see this link for SSL. Have your Admin export the SSL certificate, which will need to be added to the keystore. Next, add the LDAP to the Topology with the SSL store and password, see here.

    HTH,

    Nitin Pande



    ------------------------------
    Support
    Broadcom
    Toronto
    ------------------------------



  • 3.  RE: LDAP Integration to work with CA work automation DE

    Posted Sep 08, 2023 03:17 PM

    I'm not seeing the complete users from the downloaded list; a few users are not downloaded.

    Also, it says users are listed as per the specified limit, though I have set the download limit to around 30000.

    But I'm seeing a few users are imported and able to log in successfully using AD credentials.

    I'm also seeing the below sort of messages in the tracelog:

    Invalid user name: CASTILLO, JUAN ALBERTO, ldap agent: LdapAgent[LdapServerConfiguration[configurationName=NALDAP, url=ldap://<LDAP Server>:3268, javax.naming.ldap.InitialLdapContext@44a29c37]
    20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: [2023-09-08_11:39:38.6 Invalid user name: ACOSTA, MAYR=com, SSLEnabled=false, index=1], javax.naming.ldap.InitialLdapContext@44a29c37]
    80]
    20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.7.49.93: [2023-09-08_11:39:38.680] Invalid user name: ACOSTA, MAYR




  • 4.  RE: LDAP Integration to work with CA work automation DE

    Broadcom Employee
    Posted Sep 12, 2023 01:26 AM

    As the message indicates, the user name has an invalid character ',', so it is not getting imported into dSeries.

    In dSeries, the allowed user name characters are @$_-. Please refer to the article - https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/ca-workload-automation-de/12-3/securing/authenticating-users-to-the-server-using-ldap/configuring-ca-workload-automation-de-to-work-with-an-ldap-server/import-an-ldap-user-to-the-ca-workload-automation-de-server.html

    Hope it helps!

    Ravi Kiran




  • 5.  RE: LDAP Integration to work with CA work automation DE

    Posted Sep 13, 2023 05:27 AM

    Hi Ravi,

    Thanks for your response.

    Yes, I have already seen the document; I might have overlooked ','. I thought CA would support the ',' char also.

    Is there any configuration that can be changed to allow ',' also, or do we need to work at the LDAP end only?

    Could you please confirm that?




  • 6.  RE: LDAP Integration to work with CA work automation DE

    Broadcom Employee
    Posted Sep 13, 2023 06:33 AM

    It should be configured at LDAP level only. There is no setting on dSeries side to allow ',' character.
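
Added example (not part of the thread and not Broadcom code): a pre-import check that pulls the rejected names out of tracelog lines like those quoted above and lists the characters that would have to change on the LDAP side. It assumes letters and digits are accepted alongside the special characters listed in the reply (@ $ _ - .); the function names are hypothetical and the sample log lines are constructed.

```python
import re

# Assumption: letters and digits are accepted, plus the special characters
# quoted in the thread (@ $ _ - .). Anything else is reported.
ALLOWED = re.compile(r"[A-Za-z0-9@$_.\-]")

# Matches the tracelog warning; the name runs up to ", ldap agent:" or end of line.
INVALID_RE = re.compile(r"Invalid user name: (?P<name>.+?)(?:, ldap agent:|$)")

def disallowed_chars(name):
    """Return the sorted characters in name that fall outside the assumed allowed set."""
    return sorted({c for c in name if not ALLOWED.fullmatch(c)})

def rejected_names(log_lines):
    """Map each user name rejected in the tracelog to its offending characters."""
    report = {}
    for line in log_lines:
        m = INVALID_RE.search(line)
        if m:
            name = m.group("name").strip()
            report[name] = disallowed_chars(name)
    return report

def precheck(candidates):
    """Split directory names into (importable, needs_fix) before running an import."""
    ok, bad = [], {}
    for name in candidates:
        chars = disallowed_chars(name)
        if chars or not name:
            bad[name] = chars
        else:
            ok.append(name)
    return ok, bad

# Constructed sample lines modelled on the tracelog format quoted in the thread.
SAMPLE_LOG = [
    "20230908 11:39:38.685 [ldap] [WARN] RMI TCP Connection(25)-10.0.0.1: "
    "[2023-09-08_11:39:38.680] Invalid user name: DOE, JANE",
    "Invalid user name: ROE, JOHN Q, ldap agent: LdapAgent[LdapServerConfiguration["
    "configurationName=EXAMPLE, url=ldap://ldap.example.test:3268]",
    "20230908 11:39:39.001 [ldap] [INFO] unrelated line",
]

if __name__ == "__main__":
    for name, chars in rejected_names(SAMPLE_LOG).items():
        print(f"{name!r}: disallowed {chars}")
    print(precheck(["jdoe", "j.doe@corp", "DOE, JANE", "svc_batch-01"]))
```

Under the stated assumption the check also reports the spaces in names such as "DOE, JANE", not only the comma the reply calls out.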