DX NetOps Manager

  • Private Community
 View Only
Back to Library

Tech Tip: How to clone different users based on different LDAP groups in CA Performance Center 

Dec 26, 2014 01:51 PM

Problem:


I have several teams that I want to give specific access in CAPC through LDAP authentication.

 

Example:

 

Group Support Team A userClone to CA Performance Center UserA

Group Support Team B userClone to CA Performance Center UserB

 

Solution:


To have multiple group definitions within CAPC the format of the Group property when configuring LDAP via the SsoConfig command: would be:

 

<LDAPGroups>

<Group Definitions1/>

<Group Definitions2/>

</LDAPGroups>

 

The following is an example:

 

<LDAPGroups>

<Group searchTag="memberOf" searchString=" CN=NetworkAdmin,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd=""  userClone="nadmin"/>

<Group searchTag="memberOf" searchString=" CN=SysAdmins,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd=""  userClone="sysadmin"/>

</LDAPGroups>

 

In the above example any user that is part of the 'NetworkAdmin' group in LDAP would get its user rights cloned from the 'nadmin' user in CAPC and any user that is part of the 'SysAdmins' group in LDAP would get its user rights cloned from the 'sysadmin' user in CAPC.

Statistics
0 Favorited
3 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Kevin Ring
Jun 06, 2017 06:03 PM

thank you!!

Josh Bovee
Jun 06, 2017 09:43 AM

You have to use Ssoconfig to modify that XML data.  Take heed though that by default when editing that file there's a 4096 character limit.  If your config grows beyond that, you'll need to issue the command 'stty cbreak' before doing ./Ssoconfig.  I would really like to see a GUI built for this in a future version of PM because the current method is very cumbersome.

Kevin Ring
Jun 02, 2017 05:43 PM

Is there an xml config file that can be edited or must we use Ssoconfig utility?

Related Entries and Links

No Related Resource entered.