Tech Tip: How to clone different users based on different LDAP groups in CA Performance Center

Document created by kk_sup Employee on Dec 26, 2014Last modified by SamCreek on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

Problem:


I have several teams that I want to give specific access in CAPC through LDAP authentication.

 

Example:

 

Group Support Team A userClone to CA Performance Center UserA

Group Support Team B userClone to CA Performance Center UserB

 

Solution:


To have multiple group definitions within CAPC the format of the Group property when configuring LDAP via the SsoConfig command: would be:

 

<LDAPGroups>

<Group Definitions1/>

<Group Definitions2/>

</LDAPGroups>

 

The following is an example:

 

<LDAPGroups>

<Group searchTag="memberOf" searchString=" CN=NetworkAdmin,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd=""  userClone="nadmin"/>

<Group searchTag="memberOf" searchString=" CN=SysAdmins,OU=Groups,OU=North America,DC=abcd,DC=com" user="{sAMAccountName}" passwd=""  userClone="sysadmin"/>

</LDAPGroups>

 

In the above example any user that is part of the 'NetworkAdmin' group in LDAP would get its user rights cloned from the 'nadmin' user in CAPC and any user that is part of the 'SysAdmins' group in LDAP would get its user rights cloned from the 'sysadmin' user in CAPC.

Attachments

    Outcomes