Absent Member.. pizzaman Absent Member..
Absent Member..
3145 views

LDAP (active dir) integration

Hello.  Does anyone have any feedback on LDAP (active dir) integration?  I have to start analyzing as we are forced to turn it on.

I have a lot of concerns. 

Thank you.

 

0 Likes
2 Replies
Absent Member.. cherohun Absent Member..
Absent Member..

Re: LDAP (active dir) integration

We implemented LDAP in Feb., and it has worked relatively well for us. We had some issues with initial setup because we could not import users by group; it had to be done by user.  Group import functionality is on the HP enhancement list as Request #: QCCR1J16147.  We were never able to download the appropriate certificates to enable SSL, so we’re using simple authentication. In addition, the QC LDAP import tool does not allow flexible searching in the LDAP tree, but that is dependent on your tree structure.

 

Attached are a couple documents that may assist your configuration.

 

The primary disadvantage is that we can’t create user id’s without having domain authentication.  We used to set up test groups and ids on the fly. Now, we have a couple users for testing purposes, and that has sufficed.  Overall, it is beneficial, and is required if you intend to implement “Single Sign On”.

 

Attachments:

 LDAP Authentication Requirements

SYSTEMS REFERENCE GUIDE-LDAP AUTHENTICATION

0 Likes
Highlighted
Absent Member.. Trudy Claspill Absent Member..
Absent Member..

Re: LDAP (active dir) integration

We have been using LDAP authentication since version 9.2 and it works well for us, mostly.

The import capabilities have been marginally improved in ALM v11. At least now you can enter a user's name and search LDAP for it. Before you had to manually find the user in the LDAP tree.

The thing I dislike about LDAP authentication is that QC imports the full Distinguished Name for the user. If the LDAP tree is modified such that the user's distinguished name changes, QC can't cope with that. The user's logon to QC will fail until their distinguished name saved in QC is fixed. I filed enhancement request QCCR1J13463 in Sept 2010 asking that the authentication be changed to Principal Name rather than Distinguished Name. It's current status (since December 2010) is "Action", whatever that means.
[If this post solves or helps solve your issue, mark the thread as solved and give KUDOS to the author for their assistance.]

(Opinions expressed in my postings are mine alone, and do not reflect the opinions of my employer.No warranties express or implied for any solution/suggestion posted.)
Tags (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.