Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Operations Bridge Suite2017.04

Administer > Administer the Operations Bridge Suite > Configure LDAP authentication

Configure LDAP authentication

With the default single sign-on authentication strategy for the Operations Bridge Suite, users are authenticated to all installed capabilities with the same credentials. User names and passwords are stored and verified by a central server so that a user needs only one account to access all capabilities.

A suite-specific Identity Management (IDM) server is used for the authentication. The IDM server is monitored by a single center policy server, and consists of a user repository, a policy store, and a web server agent installed over each of the capability's web servers communicating with the policy server. The IDM server controls users' access to various organizational resources, protecting confidential personal and business information from unauthorized users.

For optimal security, HPE recommends to either configure a TLS connection between the suite and the IDM server, or have the suite server and the IDM servers on the same secure internal network segment. Authentication is performed by the IDM server, and authorization is handled by the capabilities.

Additionally, you can configure LDAP authentication for BVD. Automatic user creation from LDAP servers simplifies the user management process for administrators as authentication is performed through the LDAP server.

You can use an external LDAP server to store user information (user names and passwords) for authentication purposes, instead of using the internal IDM service. You can manually create BVD users and LDAP users, and use LDAP servers to automatically create LDAP users in BVD.

Note LDAP should be configured after the installation of the Operations Bridge Suite.

LDAP settings

The LDAP settings contain parameters for the LDAP server configuration, LDAP attributes, and user login information.

Setting	Description
LDAP Server Information
Name	Name of the LDAP configuration. This name cannot be changed when you reconfigure the settings.
Hostname	Fully-qualified domain name or IP address of the LDAP server. Example: `192.0.2.24`
Port	Port of the LDAP server. LDAP servers typically use port 389 or secure port 636.
Connection Security	Select Connection Security: SSL if an LDAPS URL is specified.
Base DN	The Distinguished Name (DN) of the LDAP entity from which you want to start your user search. Example: `CN=Users,DC=omi,DC=example,DC=com`
User ID (Full DN)	The Distinguished Name (DN) of a user with search privileges on the LDAP directory server. Example: `CN=Administrator,CN=Users,DC=example,DC=com`
Password	Password of the specified user ID.
User Authentication
User Search Base	Parameters to indicate which attributes are to be included in the user search. Example: `CN=Users`
User Name	The name of the field that contains the user name. Example: `sAMAccountName`
User Search Filter	LDAP pattern to use when searching for a user account. Example: `(sAMAccountName={0})` The user search filter must include the pattern `{0}`, which is replaced with the user name entered on login. IDM does not support LDAP multiple search filter components like `(&(sAMAccountName={{username}})(objectclass=user))`.
Follow Referral	Select to follow LDAP referrals to another server that offers the requested information.
Search Subtree	Select to search the subtree below the base DN (including the base DN level).
User Attributes
Common Name	Common name to be included in the user search. Example: `cn`
User Email	Property that contains the user's email address (specific to the selected LDAP vendor, for example MS Active Directory). Example: `mail`
Manager Identifier	Any attribute (for example DN or CN) of the user who is the user's manager. Example: `manager`
Manager Identifier Value	The value of the identifier. For example, if you specified the DN in the Manager Identifier field, enter `dn`.
User Avatar	Attribute for the user avatar image. You must specify an LDAP record property name that exists on the LDAP server. Example: `cn`
User Group
Group Membership	List of comma-separated LDAP attributes to find groups in a user profile. Example: `member,uniqueMember`
Group Name	LDAP name used to identify objects of the type group. Example: `cn`
Group Search Filter	LDAP pattern to use when searching for a group account. Example: `(objectclass=group)`

Send Help Center feedback