How to Define LDAP Servers and Enable LDAP Authentication Method

The table below describes features available with different versions:

UCMDB version    Features available

10.30

Starting with version 10.30:

  • The deleteLdapServer setting is available, which allows you to delete an LDAP server.
  • The following methods are global and affect all UCMDB servers and LDAP servers: allowLdapAuthentication, allowLdapSynchronization, and forceCaseMatchAuthentication.
  • All the other methods were updated and now have a new field named ldapHost.

10.32

  • The following two JMX methods are added:

    • configureLdapDynamicGroups: Allows you to add an LDAP server dynamic groups configuration to the server.

    • useDynamicGroups: Allows you to enable or disable the use of LDAP dynamic groups.

  • The encoded flag is no longer required for LDAP users. The user repository can be specified as in normal UI authentication.

    The Spring action name has changed due to the Spring upgrade in 10.32 (directAppletLogin.action instead of directAppletLogin.do).

Important: If you are configuring LDAP in a high availability environment, you must restart the cluster for the changes to take effect.

Note:

  • In a high availability environment, make sure you log in to the JMX console of the Writer server.

  • For an example of LDAP authentication settings, see LDAP Authentication Settings - Example.

  • Every LDAP user has a first name, last name, and email address saved in the local repository. If the value of any of these parameters that is stored on the LDAP server differs from the value in the local repository, the LDAP server values will overwrite the local values at each login.

  • The value of the userUID setting must be unique across all LDAP servers.

The following describes how to configure single or multiple LDAP authentication settings using the JMX console.