(OO) Support Tip: Add an option to reject login to Central UI of an LDAP user that does not belong
Currently, a Lightweight Directory Access Protocol (LDAP) user who does not belong to LDAP groups is able to log in to the Central user interface (UI) if authentication succeeds, even if the default role has no permissions. For example, when testing an LDAP configuration, an LDAP user named 'mkt_mgr' authenticated successfully and no group was found for the user, but the user could still log in to the UI.
In Operations Orchestration (OO) version 9.x, it was possible to reject such an LDAP user's login by blanking out the box labeled "The default group and LDAP authenticated user gets when there is no group matching" (removing the default group EVERYBODY).
Please add an option to reject login to Central UI of an LDAP user that does not belong to LDAP groups.
Enhancement request QCCR8C28781, "Add an option to reject log on to Central UI of an LDAP user that does not belong to LDAP groups", has been submitted. The resolution is the following:
The LDAP filter that dictates which users are allowed to access OO needs to group those users by a common criterion, either by requiring that they be members of the same LDAP groups (incorporating the memberOf attribute in the user search filter) or by specifying an LDAP attribute that has a common value for all users (e.g. sharing the same manager).
Please see the knowledge document at https://softwaresupport.hpe.com/km/KM02791044
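The memberOf approach from the resolution, as an added example (not OO's own code or configuration): it builds a user search filter that requires group membership and shows that a user outside the group is never found, so there is no entry to log in as. The group DN, the `sAMAccountName` and `objectClass=person` conditions, the user `ops_admin` and the in-memory directory are assumptions constructed for illustration; the search is simulated rather than sent to a real LDAP server.

```python
# Added example. All names below (group DN, login attribute, users) are constructed.
GROUP_DN = "CN=OO-Users,OU=Groups,DC=example,DC=com"

DIRECTORY = [  # constructed sample entries
    {"sAMAccountName": "mkt_mgr", "objectClass": ["person"], "memberOf": []},
    {"sAMAccountName": "ops_admin", "objectClass": ["person"], "memberOf": [GROUP_DN]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(login, group_dn=GROUP_DN, login_attr="sAMAccountName"):
    """User search filter that also requires membership of group_dn."""
    return "(&(objectClass=person)(%s=%s)(memberOf=%s))" % (
        login_attr, escape_filter_value(login), escape_filter_value(group_dn))

def find_user(login, directory=DIRECTORY, group_dn=GROUP_DN):
    """Stand-in for the directory search: apply the three AND-ed conditions."""
    for entry in directory:
        if ("person" in entry["objectClass"]
                and entry["sAMAccountName"].lower() == login.lower()
                and group_dn.lower() in (g.lower() for g in entry["memberOf"])):
            return entry
    return None

def can_authenticate(login):
    """No search result means there is nothing to bind as: login is rejected."""
    return find_user(login) is not None

if __name__ == "__main__":
    print(user_filter("mkt_mgr"))
    for name in ("mkt_mgr", "ops_admin"):
        print(name, "->", "found" if can_authenticate(name) else "not found, login rejected")
```

On Active Directory, `memberOf` lists direct memberships only, so a user who reaches the group through a nested group will not match this filter.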