Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
ericmorris Super Contributor.
Super Contributor.
1515 views

OMi LDAP configuration

Jump to solution

We are having an issue with the LDAP configuration with OMi.  We are on 10.10 IP1.  The authentication is working, however, we cannot seem to limit access based on a security group.  It is allowing everybody in the OU to login as opposed to just everybody in the security group that we have defined.  We are assuming that this is defined int he Groups bas DN or Root groups base DN.  We have tried all types of combinations, but it still ignores the security group and allows anybody in the OU to login.

Please let me know what information you need from me.

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Super Contributor.. BBMReddy Super Contributor..
Super Contributor..

Re: OMi LDAP configuration

Jump to solution

The Groups search flters should limit the users who will have access to the application.

In my implementation, I created OMi ldap groups in the format : ITS-OMI-xxxxxx under Security group.. So I gave filter as : (&(objectclass=group)(CN=ITS-OMI*))

Here is the actual values I have provided in LDAP Group Mapping configuration. YOu can tweak the below conf appropriate to your setup (xyz - org name)

 

Groups Base DN:      OU=Security,OU=IDM,OU=Groups,DC=xyz,DC=com
Groups Search Filter: (&(objectclass=group)(CN=ITS-OMI*))
Root Base DN:          OU=Security,OU=IDM,OU=Groups,DC=xyz,DC=com

Root Group Filter:      (&(objectclass=group)(CN=ITS-OMI*))

 

HTH

 

BR
Reddy

0 Likes
2 Replies
Super Contributor.. BBMReddy Super Contributor..
Super Contributor..

Re: OMi LDAP configuration

Jump to solution

The Groups search flters should limit the users who will have access to the application.

In my implementation, I created OMi ldap groups in the format : ITS-OMI-xxxxxx under Security group.. So I gave filter as : (&(objectclass=group)(CN=ITS-OMI*))

Here is the actual values I have provided in LDAP Group Mapping configuration. YOu can tweak the below conf appropriate to your setup (xyz - org name)

 

Groups Base DN:      OU=Security,OU=IDM,OU=Groups,DC=xyz,DC=com
Groups Search Filter: (&(objectclass=group)(CN=ITS-OMI*))
Root Base DN:          OU=Security,OU=IDM,OU=Groups,DC=xyz,DC=com

Root Group Filter:      (&(objectclass=group)(CN=ITS-OMI*))

 

HTH

 

BR
Reddy

0 Likes
ericmorris Super Contributor.
Super Contributor.

Re: OMi LDAP configuration

Jump to solution

This works for the filtering the security group and helps with mapping groups to assign permissions.  But I guess I was thinking that you could limit the accounts to only those in the security gourps.  This is not the case.  If a user is in the OU, but not in the security group, it will still permit the user to login to OMi, they just won't have any rights.  I had to create a separate OU in AD to truly limit the access.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.