Blog Post created by TMACUL Champion on Jan 1, 2016

LDAP Integration


From SDU




LDAP integration with Service Desk is a frequent source of confusion. Service Desk has an LDAP section in Options Manager containing 12 LDAP-related items. These options are for contact creation and synchronization only; they provide absolutely no authentication functionality. It is common for organizations to spend time configuring the Options Manager LDAP options on the assumption that they have something to do with authentication.

Bulk Contact Import

Service Desk offers no such capability. This is a function that has been requested for years, but CA has provided no out-of-the-box solution. There is good news, though: according to sources, the forthcoming r12 release will contain a bulk import feature. In the meantime, the only option is to create custom utilities or scripts.



r11 Web Authentication Screenshot



It is common for organizations to spend time configuring the Options Manager LDAP options on the assumption that they have something to do with authentication. In reality, LDAP authentication is much simpler to configure than setting 12 options. The Service Desk default authentication process is set in each Access Type. If Allow External Authentication is selected, Service Desk hands off authentication responsibility to its host server. If the host server is a member of a domain (which it most likely is), the server in turn hands off authentication to Active Directory. The end result is LDAP authentication, not because Service Desk was configured to authenticate that way, but because it was configured to let the server take care of it and the server is configured to let Active Directory take care of it.

SD > Server > LDAP

eIAM for Authentication

As mentioned in the previous section, LDAP authentication can be achieved easily with very little configuration. However, eIAM offers an LDAP authentication option as well. eIAM can be configured to use an LDAP directory in place of its own internal repository for authentication. So if eIAM is configured in this manner, and Service Desk is set up to use eIAM for authentication, LDAP can be used for authentication into Service Desk.


Just like the example above, eIAM LDAP authentication also goes through a process of 2 hand-offs. There is a downside to using eIAM, however: it does not allow the login screen to be bypassed. If Allow External Authentication is used, the login screen is bypassed; eIAM provides no such convenience.

The value of eIAM is minimal, and its use for Service Desk should be considered only if CA Workflow is actively used, because CA Workflow uses eIAM exclusively for authentication. Even if CA Workflow is used, that doesn't necessarily mean eIAM is an ideal choice for Service Desk authentication.

See Also

Options Manager


This page was last modified 01:06, 27 July 2008. Content is available under Attribution-Noncommercial-Share Alike 3.0 Unported.