Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Hybrid User Management with Multiple User Repositories
When you have LDAP server(s) configured, you can also authenticate with UCMDB users. This allows you to perform hybrid user management with multiple user repositories.
Important Make sure you have the UCMDB server connection to LDAP server(s) up and running when the upgrade is running.
Note For information about how to configure LDAP authentication settings, see How to Define LDAP Servers and Enable LDAP Authentication Method.
On UCMDB UI, when an user is created, it will always be from the UCMDB repository.
When you configure an LDAP server, hybrid user management is enabled.
Enable or disable LDAP authentication in non interactive flows
You can use the infrastructure setting Enable LDAP Authentication in non interactive flows (UCMDB UI > Administration > Infrastructure Settings Manager) to control whether you want to enable the display of LDAP repository selection in UCMDB UI login screen. The default value for this infrastructure setting is false.
To display the LDAP repository selection, set the infrastructure setting to true.
How the hybrid user management authentication mechanism works
Starting with 10.32, you can specify the user repository as the domain part of an email address or a Windows domain user.
Here is how the enhanced hybrid user management authentication mechanism works in different scenarios:
- No repository is specified: It selects the user from the repository with the highest priority that contains a user with that name.
-
The repository is specified as an email address or Windows domain user:
-
Valid user repository: If the email/domain user are valid, it extracts the user and repository from them.
- The repository is a configured user repository: In this case it means a valid user ID (username + repository) exists. The authentication mechanism will use the user ID extracted for all the calls. User repository matching is case insensitive. The full domain does not have to be specified, only an ending part of it (see in example).
-
The repository is not a configured user repository: In this case the username is used as the full email/domain address.
-
Invalid user repository: The UCMDB UI validates the input using the ESAPI.
-
Example:
The following user repositories are configured:
- UCMDB - priority 1
- sub1.mydomain.com - priority 2
- sub2.mydomain.com - priority 3
We have the following users:
- UCMDB: user1, user2
- sub1.mydomain.com: user1
- sub2.mydomain.com: user2, user3@gmail.com
Here is how the hybrid user management authentication mechanism maps the users to repositories:
- user → repository (case from above)
- user1 → UCMDB (1)
- user1@UcMdb → UCMDB (2.a.i)
- ucmdb\user1 → UCMDB (2.a.i)
- user1@sub1.mydomain.com → sub1.mydomain.com (2.a.i)
- user1@mydomain.com → sub1.mydomain.com (2.a.i)
- mydomain.com\user2 → sub1.mydomain.com (2.a.i) *** (even if the user does not exist on this host, the highest priority user repository ending with mydomain.com is selected)
- user3@gmail.com → sub2.mydomain.com (2.a.ii)
- user@sf4^$5 → no repository (ESAPI error)
LW-SSO, CAC, URL authentication, and WSDL authentication
All these mechanisms work as the UI login:
- LW-SSO: The cookie can specify user repository in the username: ucmdB\ldap3u1
- CAC: The certificate can contain in the field that specified the name: ldap3u1@mydomain.com
-
URL authentication: The username can specify the repository like the following:
https://<username>.<domain>:8443/ucmdb-ui/cms/directAppletLogin.action?&userName=sub1.mydomain.com\ldap2u1&password=hXSMV66FyPjNFVAC8wH2sA==
-
WSDL authentication: You can also authenticate on WSDL using hybrid user management. To do this, the user’s ID must be composed of name, followed by ### and repository (in the format of <username>###<repository>). For example, admin###UCMDB.
When you authenticate on UCMDBManagementService, the user’s ID must be sysadmin, and no repository should be specified.
