DX NetOps

  • 1.  Multiple LDAP Domains with CA Spectrum

    Posted Nov 28, 2022 01:01 AM
    Hi Community,

    Do we have an option to integrate with multiple LDAP domains (ex: abc.com, xyz.com) with Spectrum 21.x or 22.x?

    ------------------------------
    Regards,

    Eshwar
    ------------------------------


  • 2.  RE: Multiple LDAP Domains with CA Spectrum

    Posted Nov 28, 2022 02:13 AM
    Use EEM. Link that with 2 domains and configure the integration with EEM, as specified in the documentation. You cannot have the same username on the two domains. I don't know if this has changed in the latest version, but in previous versions I used, if EEM goes down, you won't be able to log in to SPECTRUM.

    You can always try to use the CA Directory that comes with EEM and link it with the two domains and query it as a federated LDAP. That's possible too. In this scenario, if the LDAP (CA Directory) goes down, you can authenticate with the locally stored LDAP password, so the users are still able to log in.

    ------------------------------
    Cătălin Fărcășanu
    Senior Consultant
    SolvIT Networks
    ------------------------------



  • 3.  RE: Multiple LDAP Domains with CA Spectrum

    Posted Nov 28, 2022 05:25 AM
    Hi Catalin,

    Thank you for the response. The customer doesn't have EEM, so in that case, do we have any other options, like installing two OneClick servers for a single SpectroServer and then integrating with two ADs? Please suggest whether this approach is achievable or not.

    ------------------------------
    Regards,

    Eshwar
    ------------------------------



  • 4.  RE: Multiple LDAP Domains with CA Spectrum

    Posted Nov 28, 2022 05:48 AM
    You might wanna check that with Broadcom. AFAIK EEM was not licensed separately and at some point was the recommended solution for SSO between Spectrum and eHealth, thus being provided as an embedded authentication system for several components, as the name says.

    ------------------------------
    Cătălin Fărcășanu
    Senior Consultant
    SolvIT Networks
    ------------------------------



  • 5.  RE: Multiple LDAP Domains with CA Spectrum

    Broadcom Employee
    Posted Nov 28, 2022 09:18 AM
    I would think the best way, now that Spectrum supports SAML, is to use an IDP and add all the different LDAP servers to the IDP.

    Not only for Spectrum, but the IDP/SAML can be used to log in to Performance Management also. This is the best SSO solution for NetOps, without having to enter passwords when going back and forth between NetOps products.


  • 6.  RE: Multiple LDAP Domains with CA Spectrum

    Posted Nov 30, 2022 07:21 AM

    Hi @Purneswara Rao Konda,

    I've never tried it, but I don't see any reason why configuring 2 separate OneClick servers differently should not work.
    You might want to be careful with the setting "save ldap passwords to Spectrum database", if a single Spectrum user exists in both directories and might also use both.
    Is such a solution ideal? Surely not, as it might cause confusion when troubleshooting login issues sometime later down the road.
    Depending on the type of LDAP directories, sometimes there is an option to federate these internally, configure only one within OneClick and utilize recursive searches.

    regards,

    Raphael