Creating an LDAP Authorization Realm
An LDAP authorization realm uses an external LDAP server for authorization and uses external LDAP role management.
Deployment Automation includes an internal database for storing security information and provides an integration with the Lightweight Directory Access Protocol (LDAP). LDAP is a widely used protocol for accessing distributed directory information over IP networks. If you are implementing a production version of Deployment Automation, the LDAP integration is recommended. If you are evaluating Deployment Automation, it is not necessary to set up the LDAP integration; full security is configured and enforced by the server.
To create an LDAP authorization realm:
Field | Description |
---|---|
User Group Attribute | Name of the attribute that contains role names in the user directory entry. If user groups are defined in LDAP as an attribute of the user, the Group Attribute configuration must be used. |
Group Search Base | Base directory used to execute group searches, such as ou=employees,dc=mydomain,dc=com. |
Group Search Filter | LDAP filter expression used when searching for user entries. The name will be substituted in place of {0} in the pattern, such as uid={0}. If this is not part of the DN pattern, wrap the value in parentheses, such as (uid={0}). |
Group Name | Directory name used to bind to LDAP for searches, such as cn=Manager,dc=mycompany,dc=com. If not specified, an anonymous connection will be made. Required if the LDAP server cannot be anonymously accessed. |
Search Group Subtree | Searches the subtree for the roles if checked. |
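
The following is an added illustration, not Deployment Automation code or part of the product documentation: it shows how a {0} filter pattern, a search base and the subtree option from the table combine in a search, with the substituted name escaped per RFC 4515 so it cannot change the filter. The function names and the in-memory DIRECTORY entries are hypothetical and constructed for this example, and only simple (attr=value) filters are handled.

```python
import re

# Constructed sample entries (DN -> attributes); not from any real directory.
BASE = "ou=employees,dc=mydomain,dc=com"
DIRECTORY = {
    "uid=alice," + BASE: {"uid": ["alice"]},
    "uid=bob,ou=contractors," + BASE: {"uid": ["bob"]},
}
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping so a substituted name cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(pattern, name):
    """Substitute the escaped name for {0}; add outer parentheses if missing."""
    if "{0}" not in pattern:
        raise ValueError("pattern must contain the {0} placeholder")
    flt = pattern.replace("{0}", escape_filter_value(name))
    return flt if flt.startswith("(") and flt.endswith(")") else "(" + flt + ")"

def _unhex(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _value_matches(filter_value, candidate):
    # An unescaped '*' is a wildcard; \XX hex pairs stand for literal characters.
    regex = ".*".join(re.escape(_unhex(part)) for part in filter_value.split("*"))
    return re.fullmatch(regex, candidate, re.IGNORECASE | re.DOTALL) is not None

def in_scope(dn, base, subtree):
    """Subtree: the base or any descendant. Otherwise: direct children only."""
    dn, base = dn.lower(), base.lower()
    if subtree:
        return dn == base or dn.endswith("," + base)
    return dn != base and dn.split(",", 1)[-1] == base

def search(base, pattern, name, subtree):
    """Return the DNs under base that match the expanded (attr=value) filter."""
    attr, value = build_filter(pattern, name)[1:-1].split("=", 1)
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if in_scope(dn, base, subtree)
        and any(_value_matches(value, v) for v in attrs.get(attr, []))
    )
```

With the subtree option off, only entries directly under the search base are returned, and a name consisting of a wildcard character matches nothing because it is escaped before substitution.
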
For an example, see the following:
Copyright © 2011–2017 Serena Software, Inc. All rights reserved.