Idea Details

Spectrum integration with LDAP

Last activity 17 days ago
Anon Anon's profile image
04-08-2014 06:25 AM

Hello,

Idea provided by advices in community subject: https://communities.ca.com/web/ca-ehealth-and-ca-spectrum-global-user-community/message-board/-/message_boards/view_message/112407729

We need to accociate Spectrum user permissions with Active Directory groups and have automatic permission change after moving user from one AD group to another. For example if one user is a Network Administrator in AD it can get access only to swithes and routers in Spectrum.

This possibility can be done by REST web services and some adittional development, but it will be more effective to have this functionality out of the box.


Comments

03-13-2018 11:12 AM

Sarbdeep_Singh Hi! Good news in 4 years of delay! When will you finish review?

01-23-2018 02:23 AM

Hi All,

 

Thanks for posted this idea, Apologize for the delays.

I have started reviewing this idea with our architect and see if this can be picked in the future release.

 

Thanks,

Sarbdeep Singh

Spectrum Product Management

12-21-2017 03:45 AM

Is anyone from the Spectrum team looking to review this for future releases?

11-20-2017 11:52 AM

Nice to have this feature. Just Voted. 

10-18-2017 05:33 PM

I've been toying around with a script that uses the REST API to manage users based on AD group membership (including cleaning up users who are disabled/deleted from AD). We also have a distributed environment, and to work with that I've been creating the user model with a REST call for each landscape that the user should exist on (and setting the master model to be the model on the MLS). It has worked pretty well in testing, although it's not ready for production yet. I'm hoping to get this in place and then set it to run nightly, so that when users get moved in AD Spectrum will catch up within 24 hours. But yeah, this should definitely not be required - the software should just have this level of LDAP integration out of the box.

10-09-2017 03:29 PM

This would be really cool addition.

 

Voted Up.

10-04-2017 10:25 AM

Hey CA, 

this idea is now more than 3 years old, has more than 40 votes and is still marked as "new". Could you please give an update if this is being discussed internally? 

10-03-2017 10:52 PM

I have a need for this also - in the age of efficiency/agility this is mandatory.

04-25-2017 03:04 AM

This would be a really wanted feature.

 

As we cannot wait for CA to implement this, we are planning to develop our own using REST api. Anyone who already did this might want to share some thoughts/ideas on it? Especially, in a distributed environment?

12-13-2016 10:01 AM

I agree - a very good idea / feature.

12-20-2015 04:42 AM

This would be a very welcome feature. We received disappointed looks from clients for this not being implemented in Spectrum 9.1.x over 6 years ago, and to this day clients need to maintain user rights independently from the rest of the domain.

 

Having to create and manage users locally through Oneclick instead of assigning AD groups is very important. It means being able to dynamically assign user permissions through Active Directory, which is the correct way. Keep in mind that it needn't be AD specific, since LDAP is the underlying binding and authenticating protocol for these transactions whether AD, OpenLDAP or what not.

 

If a user has been assigned different responsibilities whether short-term or long-term, a change in LDAP group is usually enough for most systems to know which rights to assign to that user. The same should be said for Spectrum. Spectrum administrators shouldn't have to be in the loop in such matters. It should be a matter of corporate policy whether a member of SuperNetworkAdmins has the rights of an administrator for the corporate landscape, and whether JuniorNetworkAdmins are able to clear alarms. This is all the more important for large deployments.