Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Service Manager

Administer > Configuring installation and setup options > Lightweight Directory Access Protocol (LDAP) > Enable an integration to LDAP

Enable an integration to LDAP

Applies to User roles: System Administrator

You must have the SysAdmin capability word to use this procedure.

To enable an integration to LDAP:

Do one of the following to enable Service Manager to create operator records dynamically when LDAP users log in:
- Define the System Information Record operator template for LDAP users.
- Define a system default record for the operator file. For details, see Create a system default operator record.
These settings allow LDAP users to log in to Service Manager without having existing operator records.
Define the default LDAP server and authentication base directory to which you want Service Manager to connect.
Define the file and field mappings you want to the LDAP directory service.
Set LDAP query parameters in the Service Manager initialization file.

Define the default LDAP server

You must have the SysAdmin capability word to use this procedure.

You must define a default LDAP server to integrate Service Manager files to an LDAP directory service.

To define the default LDAP server:

Click System Administration > Ongoing Maintenance > System > LDAP Mapping.
The Service Manager LDAP Mapping – System Level Specification form opens.
Type or select the LDAP mapping information.
Click Save.
Service Manager displays the message;
Record updated in the scldapconfig file.

Define file and field-level mappings to an LDAP server

You must have the SysAdmin capability word to use this procedure.

You must define a default LDAP server to integrate Service Manager files to an LDAP directory service.

To define file and field-level mappings to an LDAP server:

Click System Administration > Ongoing Maintenance > System > LDAP Mapping.
The Service Manager LDAP Mapping – System Level Specification form opens.
Click Set File/Field-level Mappings.
The Service Manager LDAP Mapping – File/Field Specification page opens.
In the Name field, type the name of the Service Manager file for which you want to create LDAP mappings.
Click Search.
Service Manager displays a list of fields for the file.
Type or select the LDAP mapping settings. If necessary, press Ctrl+H to view help for each field.
Click Save.
Service Manager displays the message:
Data Policy record updated.

Set the LDAP authentication base name

You can define an operator to use a different LDAP base name than the operator name. By default, Service Manager uses the operator name to bind to the LDAP. You can define a different LDAP base name to allow users to connect to Service Manager with one name and to LDAP with a different name.

To set the LDAP authentication base name:

Click System Administration > Ongoing Maintenance > Operators.
Click Search.
Select the operator whose LDAP base name you want to set from the record list.
Click the Security tab.
In the LDAP Base Name field, type the name you want to use to authenticate the LDAP connection.
Click Save.
Service Manager displays the message:
Operator record updated.

Enable LDAP over SSL

You must have the SysAdmin capability word to use the procedures below.

By default, when you enable LDAP over SSL, you need to set the root certificate of the CA that issued the LDAP server’s certificate on the Service Manager server, and then specify the location of the certificate file in the LDAP SSL DB Path field.

If you do not want to set the CA's root certificate on the Service Manager server, follow these steps:

Set the ldapsslallownocert parameter to 1.
Log in to Service Manager, and then click System Administration > Ongoing Maintenance > System > LDAP Mapping.
Set the LDAP Server and LDAP Base Directory fields, select the LDAP SSL check box. Leave the LDAP SSL DB Path field blank.
Click Set File/Field level mapping, enter operator in the Name field, and then map the name field of operator to sAMAccountName (for Active Directory server).
Restart the Service Manager server.

If you wish to authenticate Service Manager users that belong to different domains or subdomains, you can deploy multiple LDAP servers that belong to the corresponding domains, and then set up a horizontal scaled (HS) cluster. By the following configuration, users belong to different domains can share the same database while at the same time be authenticated by different domain’s LDAP server over SSL.

Set the ldapsslallownocert parameter to 1.
Log in to Service Manager, and then click System Administration > Ongoing Maintenance > System > LDAP Mapping. Leave everything on this page empty.
Click Set File/Field Level Mapping, enter operator in the Name field, and then map the name field of operator to sAMAccountName.
Add the ldapserver parameter in the sm.ini file as the following example:
```
ldapserver1:16.183.93.217%636%cn=users,dc=swsm,dc=ind,dc=lab
```
You can add this parameter multiple times if you have more than one LDAP server.
Restart the Service Manager server.