Creating an LDAP Authorization Realm

An LDAP authorization realm uses an external LDAP server for authorization and uses external LDAP role management.

Deployment Automation includes an internal database for storing security information and provides an integration with the Lightweight Directory Access Protocol (LDAP). LDAP is a widely used protocol for accessing distributed directory information over IP networks. If you are implementing a production version of Deployment Automation, the LDAP integration is recommended. If you are evaluating Deployment Automation, it is not necessary to set up the LDAP integration; full security is still configured and enforced by the server.

To create an LDAP authorization realm:

  1. Navigate to Administration > Security.
  2. In the selection box, select Authorization (Groups).
  3. Select Authorization Realms in the left navigation list.
  4. Click the Create Authorization Realm button.
  5. Ensure that LDAP is selected in the Type list box, and then specify a unique name along with the following information:
     User Group Attribute: Name of the attribute that contains role names in the user directory entry. If user groups are defined in LDAP as an attribute of the user, the Group Attribute configuration must be used.
     Group Search Base: Base directory used to execute group searches, such as ou=employees,dc=mydomain,dc=com.
     Group Search Filter: LDAP filter expression used when searching for user entries. The name will be substituted in place of {0} in the pattern, such as uid={0}. If this is not part of the DN pattern, wrap the value in parentheses, such as (uid={0}).
     Group Name: Directory name used to bind to LDAP for searches, such as cn=Manager,dc=mycompany,dc=com. If not specified, an anonymous connection will be made. Required if the LDAP server cannot be anonymously accessed.
     Search Group Subtree: If selected, searches the subtree for the roles.
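The following script illustrates how the fields above fit together. It is an added example, not Deployment Automation code: it expands the Group Search Filter pattern by substituting a user name for {0}, wraps it in parentheses when the pattern is not already a complete filter, chooses the search scope from the Search Group Subtree setting, and reads role names from a user entry when groups are stored as a user attribute. The realm values, the memberOf attribute name and the sample user entry are constructed; the RFC 4515 escaping of the substituted name is the check any realm implementation should apply, because a name such as `*)(uid=*` would otherwise rewrite the filter itself.

```python
"""Expand LDAP realm group-search settings the way this page describes them.

Added example, not Deployment Automation code. The settings below are
constructed; the escaping follows RFC 4515 and is an assumption about what
any realm implementation should do before substituting a user-supplied name.
"""

# Constructed realm settings mirroring the fields on this page (assumed values).
GROUP_SEARCH_BASE = "ou=employees,dc=mydomain,dc=com"
GROUP_SEARCH_FILTER = "uid={0}"
USER_GROUP_ATTRIBUTE = "memberOf"   # assumed attribute name


def escape_filter_value(value: str) -> str:
    """Escape characters that have meaning inside an LDAP filter (RFC 4515 section 3)."""
    special = "\\*()\x00"
    return "".join("\\%02x" % ord(ch) if ch in special else ch for ch in value)


def expand_filter(pattern: str, name: str) -> str:
    """Substitute the escaped name for {0} and ensure a complete filter.

    The page says to wrap the pattern in parentheses when it is not part of a
    DN pattern; this helper adds them if they were left out.
    """
    expanded = pattern.replace("{0}", escape_filter_value(name))
    if not (expanded.startswith("(") and expanded.endswith(")")):
        expanded = "(" + expanded + ")"
    return expanded


def build_group_search(name: str, pattern: str = GROUP_SEARCH_FILTER,
                       base: str = GROUP_SEARCH_BASE,
                       search_subtree: bool = True) -> dict:
    """Assemble the search request a realm would issue for one user.

    'Search Group Subtree' selects the scope: the whole subtree under the
    base, or only its immediate children.
    """
    return {
        "base": base,
        "scope": "SUBTREE" if search_subtree else "ONELEVEL",
        "filter": expand_filter(pattern, name),
    }


def roles_from_entry(entry: dict, attribute: str = USER_GROUP_ATTRIBUTE) -> list:
    """Read role names from a user entry when groups are a user attribute.

    Values are commonly group DNs; the leading RDN value (for example the cn)
    is taken as the role name. Plain string values are returned unchanged.
    """
    roles = []
    for value in entry.get(attribute, []):
        first_rdn = value.split(",", 1)[0]
        roles.append(first_rdn.split("=", 1)[1] if "=" in first_rdn else first_rdn)
    return roles


if __name__ == "__main__":
    # Constructed user entry as a realm might receive it from the directory.
    user_entry = {
        "uid": ["jsmith"],
        "memberOf": ["cn=deployers,ou=groups,dc=mydomain,dc=com",
                     "cn=approvers,ou=groups,dc=mydomain,dc=com"],
    }
    print(build_group_search("jsmith"))
    print(build_group_search("*)(uid=*"))   # metacharacters are neutralised
    print(roles_from_entry(user_entry))
```

Run it as-is to see the expanded search for an ordinary name, the same pattern with a name containing filter metacharacters (which come out as `\2a`, `\29`, `\28` rather than altering the filter), and the role names derived from the constructed memberOf values.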

For an example, see the following: