LDAP Configuration BSM 9.23

Can anyone suggest the steps that I have to go through to configure LDAP in BSM 9.23?

 

I have gone through the Platform Administration Guide, but it is not clear.

 

Is Group Mapping necessary or not? Can I do the LDAP Configuration without the Group Mapping?

 

  • hello AKG,

    first thing: when you can successfully test the name resolution on the previous page then you're on the right way. this means you're able to query LDAP and resolve user names. now what you need to tell BAC is where in the LDAP structure the relevant groups are located. depending on the size of the customer organization LDAP can be pretty big. so no way BAC wants to know about all the groups in LDAP. so here is what you need to do:

    1. you need an LDAP browser. a tool independent from BAC to access the customer LDAP. this is to retrieve the group names in the LDAP structure. i recommend to use JXplorer which you can get for free here:

    http://jxplorer.org/

    2. you need a certain basic knowledge about LDAP queries. these queries have to be entered in the fields:

    Groups base DN:
    Groups search filter:
    Root groups base DN:
    Root groups filter:

    please check the following page for some details on LDAP queries or google for it. you will find a lot of useful stuff. what will happen is that BAC will query LDAP based on the defined filters in the query and display the relevant groups under "Corporate Directory".

    http://technet.microsoft.com/en-us/library/aa996205(EXCHG.65).aspx#DoingASearchUsingADUC

    so as an example my queries look like this:

    Groups base DN:
    OU=Groups,OU=Enterprise,OU=Common,DC=XXX,DC=XXX,DC=XX --> (XX=domain name like test.customer.com)

    Groups search filter:
    (&(objectclass=group)(displayname=XXX*)) --> (XXX* name of the AD group. here you need to have consistent naming in the AD groups to make this easy. * can be used as wildcard)

    Root groups base DN:
    OU=Application Groups,OU=Groups,OU=Enterprise,OU=Common,DC=XXX,DC=XXX,DC=XX

    Root groups filter:
    (&(objectclass=group)(displayname=XXX*))


    you will see that the operator has been changed from default | to & in order to set up a:

    & (logical AND)
    You use this syntax when you have more than one condition, and you want all conditions in the series to be true. For example, if you want to find all of the people that have the first name of John and live in Dallas, you would use:
    as per documentation.

    so with the operators you will be able to create quite complex queries. the LDAP browser will be needed to search LDAP for information like OU=Groups,OU=Enterprise,OU=Common,DC=XXX,DC=XXX,DC=XX which is the path to the location of the BAC user groups in LDAP. the structure can look pretty similar because LDAP tends to be built on a standard structure up to a certain level.


    another note on the side: if you're configuring this ... do not log out until you have configured all the steps for the group/user sync and mapping. so once you have completed the wizard and you can see the groups under corporate directory ... follow the guide to map the groups. otherwise you might be unable to login to BAC with LDAP and local users.


    i hope this helps. if yes please assign points.

    Regards,
    Mandarx
  • Hi Mandar,

     

    Thanks for the detailed steps. 

     

    I tried configuring the LDAP once and I logged out without completing all the steps. After that I was not able to login to the BSM console at all.

     

    Then I resolved it by disabling the LDAP using the JMX Console. After this I am able to login to the BSM Console.

     

    But now the LDAP Configuration page is not opening (refer to the screenshot).

     

    Any idea how to resolve this?

  • Hi AKG,

     

    Just restart your BSM server once.

     

    Regards,

    Mandarx

     

  • Do I need to restart the server or services?

     

    I have already tried restarting the services.
