
LDAP with Multiple top level OUs in EEM

Question asked by slatejn on Mar 7, 2018
Latest reply on Mar 8, 2018 by Jennifer_Jessup

We are working on integrating the remainder of r14.1 service management components into our existing SDM environment in preparation for an overall r17.1 upgrade later this year. I'm currently stuck at the integration for PAM since the Provider Username is a srvAccount in the "Admin" OU that can't be seen in EEM.

I currently have EEM configured for Multiple Microsoft Active Directory Domains and the Base DN set to "Sites" ( OU=SITES,DN=AD,DN=MYORG, DN=NET ). This is the tree where all of the "User" accounts reside. The issue I am running into is: the application user for PAM, our Service Account user, is in "Admin" (OU=Admin,DN=AD,DN=MYORG,DN=NET ).

I attempted to add another LDAP Directory with a unique name and OU=Admin instead of OU=Sites for the Base DN, and received an "EE_NOTALLOWED Operation not allowed" error. Since an OU must be entered and you can't use a wildcard for the OU either, what can I do to set up the User Store so that it can see into both Top Level OUs?

I knew it wouldn't work, but out of desperation I did try to set up the LDAP connection as DN=AD,DN=MYORG,DN=NET and OU=AD,DN=MYORG,DN=NET, neither of which could locate anything.
