LDAP support for Anonymous user in Privileged User Manager

Privileged User Manager (PUM) can be integrated with an LDAP server for authentication and various other functions in the product. This document describes the settings required on the LDAP directory when PUM uses an Anonymous user.

In the Command Control console, when defining privileged accounts for Account Domain objects of type LDAP, the account type of the Credential object can be set to 'Anonymous' LDAP user.

This Anonymous Credential object can be set as the default Credential of the Account Domain. That Account Domain can then be used either as the Authentication Domain in Framework User Manager or as the Account Domain of an 'External Group' in 'User Group' objects. The default Credential of the Account Domain is used to perform the LDAP search for objects of class 'person'.

The LDAP Account Domain can be 'Windows Active Directory' or 'NetIQ eDirectory'. To use the Anonymous credential, the administrator must grant Anonymous access on the LDAP directory to the following attributes of the 'person' class.

  1. NetIQ eDirectory: eDirectory allows Anonymous access by default. Use NetIQ iManager to grant Anonymous/[PUBLIC] access to the attributes below -

    Class: person

    Attributes: CN, groupMembership

    Below is the screenshot of iManager for reference -

    [Screenshot: iManager [PUBLIC] rights on the person class (iMgr-publicRights)]
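The following script is an added verification aid, not part of PUM or of the original article. It performs the same anonymous search PUM's default Credential would make (simple bind with no credentials, filter on objectClass=person), confirms that groupMembership is actually visible, and flags any attribute beyond CN and groupMembership that [PUBLIC] can read, so the right granted in iManager stays as narrow as PUM needs. LDAP_URI and LDAP_BASE are placeholders for your own server and search base; the LDIF parsing helpers work on any saved ldapsearch output too.

```shell
#!/bin/sh
# Audit the [PUBLIC] read rights PUM needs on 'person' objects (added example).
# LDAP_URI / LDAP_BASE are hypothetical placeholders; nothing is contacted
# unless both are set, so the helpers can also be run over saved LDIF files.

ALLOWED="cn groupMembership"   # extend only if your directory intentionally exposes more

# Read LDIF on stdin; exit 0 when every attribute returned is in the allow-list,
# exit 1 (naming the offenders on stderr) when anonymous can see anything more.
ldif_attrs_only() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1 }
    /^#/ || /^$/ || /^ / { next }           # comments, entry separators, folded lines
    {
      split($0, kv, ":"); name = tolower(kv[1])
      if (name == "dn") next                 # the DN line is not an attribute
      if (!(name in ok)) { print "anonymous can read: " kv[1] > "/dev/stderr"; bad = 1 }
    }
    END { exit bad }'
}

# Read LDIF on stdin; exit 0 when at least one entry carries attribute $1,
# i.e. the [PUBLIC] right granted in iManager actually took effect.
ldif_has_attr() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^ / { next }
    { split($0, kv, ":"); if (tolower(kv[1]) == want) found = 1 }
    END { exit !found }'
}

# Anonymous search: -x is a simple bind and omitting -D/-w means no credentials.
# Requesting "*" returns every attribute [PUBLIC] may read, which is what we
# want to audit, rather than only the two PUM asks for.
anon_person_search() {
  ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" '(objectClass=person)' '*'
}

# Only talk to a directory when one is configured.
if [ -n "$LDAP_URI" ] && [ -n "$LDAP_BASE" ]; then
  out=$(anon_person_search)
  printf '%s\n' "$out" | ldif_has_attr groupMembership \
    || echo "groupMembership is not visible to anonymous; check the [PUBLIC] right"
  printf '%s\n' "$out" | ldif_attrs_only "$ALLOWED" \
    || echo "anonymous can read more than: $ALLOWED"
fi
```

Run it as `LDAP_URI=ldap://host LDAP_BASE=o=yourtree sh check.sh`, or pipe an existing LDIF export into `ldif_attrs_only "cn groupMembership"` to audit a saved result.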
