SuzanneZurich Respected Contributor.
Respected Contributor.
100 views

(OO) Support Tip: Add an option to reject login to Central UI of an LDAP user that does not belong

Currently, a Lightweight Directory Access Protocol (LDAP) user that does not belong to LDAP groups is able to login to the Central user interface (UI) if the authentication of the user is successful even if the default role has no permissions.  For example:  In a testing of an LDAP configuration, an LDAP user named 'mkt_mgr' succeeded in the authentication but failed to find a group but the user could still login to the UI.

In Operations Orchestration (OO) version 9.x, it was possible to reject such LDAP user's login by making the box labeled "The default group and LDAP authenticated user gets when there is no group matching" blank out (removing default group EVERYBODY).

Please add an option to reject login to Central UI of an LDAP user that does not belong to LDAP groups.

Enhancement request QCCR8C28781 Add an option to reject log on to Central UI of an LDAP user that does not belong to LDAP groups has been submitted.  The resolution is the following:

The LDAP filter that dictates the users who are allowed to have access to OO need to be grouped by a common criteria either by indicating that they should be members of the same LDAP groups (incorporating the memberOf attribute in the user search filter) or by specifying an LDAP attribute which has a common value for all users (e.g. share same manager).

Please see the knowledge document at https://softwaresupport.hpe.com/km/KM02791044

Labels (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.