Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Universal CMDB Login Authentication
- Setting Up an Authentication Method
- Enabling Login to Universal CMDB with LW-SSO
- Enabling Login to Universal CMDB with SAML
- Setting a Secure Connection with the SSL (Secure Sockets Layer) Protocol
- Using the JMX Console to Test LDAP Connections
- How to Enable HTTP Communication for Universal CMDB
- Hybrid User Management with Multiple User Repositories
- How to Define LDAP Servers and Enable LDAP Authentication Method
- LDAP Authentication Settings - Example
- Example: How to Configure LDAP for Sun ONE Directory Server in UCMDB Server
- Example: How to Configure Dynamic LDAP Groups
- Retrieving Current LW-SSO Configuration in Distributed Environment
- User Lockout Mechanism
Example: How to Configure Dynamic LDAP Groups
Starting with version 10.32, support for dynamic groups is available. This example shows how to configure dynamic LDAP groups in UCMDB server.
In the LDAP server we have created a user with the ID common_user.
Next we add a dynamic group containing this user:
This group is in the same organization unit OU:Groups with our previous non-root groups.
We add this group to the root group members.
We have the LDAP server configuration previously set.
In SunONE the dynamic groups have the group class different from the static groups: groupOfURLs.
So first we must update the Group Base Filter attribute. In this case the new value will be:
(|(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))
If our root group is dynamic we must also update the root group filter to contain the: (objectclass=groupOfURLs)
To configure the dynamic groups, use the following JMX Method:
Parameter Name | Parameter description and how to configure the parameter |
---|---|
ldapHost |
The host name of an already configured LDAP server. In our case HM: myvm.mylabs.adapps.mydomain.com |
dynamicGroupsClass |
The class from which the groups inherit. In SunONE a static group inherits from the groupOfUniqueNames object class, so in our case it is: groupOfUniqueNames |
dynamicGroupsDescAttribute |
Defines the description of the dynamic groups. In our case it is the same as for static groups: desc |
dynamicGroupsDisplayNameAttribute |
Defines the display name of the dynamic groups. We have: cn |
dynamicGroupsMemberAttribute |
The group members are found using this attribute. For dynamic groups our value is: memberURL |
dynamicGroupsNameAttribute |
Defines the dynamic group name. We have the same value as for the static groups: cn |
Now you have successfully configured the dynamic groups.
In case you want to enable/disable the dynamic group configurations for an LDAP server, you need invoke the useDynamicGroups JMX method by filling the host name and set the isEnabled flag to true/false.
Test if it works:
Now that you have dynamic groups enabled, you can map the dynamic groups to UCMDB groups.
If you authenticate with an LDAP user that is a member of a dynamic group and that group was mapped to a UCMDB group, the user created in UCMDB should now be a member of the mapped UCMDB group.
For example:
We map the LDAP group Dynamic to the UCMDB groups we want. We mapped it to a group named Admin with the admin and superadmin roles.
We have our user common_user. With the dynamic groups disabled, we authenticate with the common_user. Because the user cannot be found in the Dynamic group, he/she will be mapped to the default UCMDB group configured in the LDAP setting. In our case UCMDBGroup:
Now we enable dynamic groups. If the settings are right and we authenticate again with the common_user, now we will be mapped to the mapped UCMDB group (Admin):
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to cms-doc@microfocus.com.
Help Topic ID:
Product:
Topic Title:
Feedback: