I have integrated UIM with LDAP. I have a group with 10 users. Is it possible to segregate role-based access with that group? As of now all 10 users have admin privilege; we need to modify access for some users.
The way the integration works is that you link an ACL with an LDAP user group, and any LDAP user that is a member of that group gains the respective privileges. In order to segregate permissions you need to use different LDAP groups; that is the way the integration works at this moment.
However, LDAP users can be members of several groups and then gain the highest possible privileges.
CA Tech Support
Thanks Martin,
Is there any limitation that UIM queries only a certain number of OUs in Active Directory?
There can indeed be issues if the OU you defined in the LDAP setting on the hub contains hundreds of LDAP groups. The issue there would be that the query to get the groups might time out and therefore fail.
The best way would be to create a sub OU and put only UIM related groups in there and define that OU in the HUB LDAP settings for the group container.
But in the KB below I could see prerequisites to create a flat group under AD. Is a flat group really needed, or is it only for older versions?
The important part here is this: "Create a group in AD for your Nimsoft users (create an OU that is dedicated for NMS groups)."
You need to create groups for the different ACLs you want to use, and here we mean that you cannot use nested groups (as these are currently not supported), only flat groups. There is no other workaround for this.
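The following is an added example, not part of the original thread and not CA/UIM code: a small audit over an export of the dedicated OU that resolves each user's ACL from direct (flat) membership only, with the highest ACL winning, and reports nested groups and users who sit in more than one ACL-linked group. The group, user and ACL names, the privilege ordering, and the treatment of a nested group as granting nothing to its members are assumptions made for illustration.

```python
# Added illustration; all group, user and ACL names below are constructed.
# Export of the dedicated OU: group -> [(member name, member object class)]
OU_GROUPS = {
    "UIM-Admins": [("alice", "user"), ("UIM-Operators", "group")],
    "UIM-Operators": [("alice", "user"), ("bob", "user"), ("carol", "user")],
    "UIM-ReadOnly": [("carol", "user"), ("dave", "user")],
}
# Assumed ACL linked to each LDAP group, and an assumed privilege ordering.
GROUP_ACL = {"UIM-Admins": "Administrator", "UIM-Operators": "Operator",
             "UIM-ReadOnly": "Guest"}
ACL_RANK = {"Guest": 1, "Operator": 2, "Administrator": 3}


def nested_groups(groups):
    """(parent, child) pairs where a group is a member of another group."""
    return sorted((parent, name) for parent, members in groups.items()
                  for name, kind in members if kind == "group")


def direct_grants(groups, group_acl):
    """user -> sorted list of ACL-linked groups the user is a direct member of."""
    grants = {}
    for group, members in groups.items():
        if group not in group_acl:
            continue  # group has no ACL linked, so it grants nothing
        for name, kind in members:
            if kind == "user":  # flat membership only, nested groups not expanded
                grants.setdefault(name, []).append(group)
    return {user: sorted(gs) for user, gs in grants.items()}


def effective_acl(groups, group_acl, rank):
    """user -> highest-ranked ACL among the user's direct groups."""
    return {user: max((group_acl[g] for g in gs), key=rank.__getitem__)
            for user, gs in direct_grants(groups, group_acl).items()}


def audit(groups, group_acl, rank):
    """Findings to review before relying on the group split."""
    findings = [f"nested group: {child} inside {parent}"
                for parent, child in nested_groups(groups)]
    acls = effective_acl(groups, group_acl, rank)
    for user, gs in sorted(direct_grants(groups, group_acl).items()):
        if len(gs) > 1:
            findings.append(f"{user} is in {', '.join(gs)} -> {acls[user]}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(OU_GROUPS, GROUP_ACL, ACL_RANK)))
```

In the constructed data, bob stays at Operator because the nested UIM-Operators group is not expanded, while alice ends up as Administrator through her second, direct membership.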