Highlighted
Frequent Contributor.. DebashishP Frequent Contributor..
Frequent Contributor..
2307 views

Regarding LDAP Authentication in HP ALM

 

Hi Experts,

We are planning to change the authentiction from Quality Center to LDAP. I have few queries before we migrate to LDAP if you all could help me getting clarified. Currently we are using HP ALM 12.53

1. what are the pre-requisites before moving to LDAP authentication. 

2. Currently we are having a Site Admin account, so before changing to LDAP authentication, is it required to have a admin account created in LDAP which can be used as a Site Admin user id.

3. what would happen to the current users after changing the authentication to LDAP.

e.g. currently there is a user id 12345 and he is logging using QC authentication. we are having the same user id in LDAP (12345). so will it be possible to import the LDAP user id (12345) to Quality Center as the user id already exists. If No, then what is the work around.

4. If the user id is same as the imported user id from LDAP, then will the imported user id have access to the same project which the previous user id is having or we need to assign the imported user id again to the project.

Kindly help me.

Thanks and Regards

Deb

 

Tags (1)
0 Likes
3 Replies
OlaBerggren Acclaimed Contributor.
Acclaimed Contributor.

Re: Regarding LDAP Authentication in HP ALM

Hi I'll try to answer as far as I know.

Also I'm refering to version 12.20 as we have currently.

1. what are the pre-requisites before moving to LDAP authentication. 

If you are planning to use ldaps, the LDAP server certificate must be imported to the cert-store. You also need to know the mapping of the fields in ALM to the LDAP values.

2. Currently we are having a Site Admin account, so before changing to LDAP authentication, is it required to have a admin account created in LDAP which can be used as a Site Admin user id.

Either the siteadmin account must be created in LDAP, or the user that administrate ALM must be added to the Siteadmin user group in ALM.

3. what would happen to the current users after changing the authentication to LDAP.

e.g. currently there is a user id 12345 and he is logging using QC authentication. we are having the same user id in LDAP (12345). so will it be possible to import the LDAP user id (12345) to Quality Center as the user id already exists. If No, then what is the work around.

If a user with the same userid already exists, you can specify to merge the users at import or rename it. But it involves quite a few clicks, so if you have many users you may want to use another way to migrate like scripting or inserting in USERS_AUTH_DATA-table

4. If the user id is same as the imported user id from LDAP, then will the imported user id have access to the same project which the previous user id is having or we need to assign the imported user id again to the project.

Yes, it is the username that is the identifier and if they are the same, then it will work.

Also make sure how to change back to ALM authentication, in case of errors in the configuration. (Stop ALM, run UPDATE td.PARAMS SET PARAM_VALUE = "QualityCenter" WHERE PARAM_NAME="AUTHENTICATION";  in Siteadmin DB and Restart ALM)

Also remember that it is only the Autentication that will be against the LDAP-server, all data for the users will still be stored in ALM. So if someone gets merried, changes e-mail or phone they needs to be re-imported to ALM for this to show.



br /ola


Please mark post as solved if your problems or questions is/are resolved.
If this post was valuable to you, please consider kudo it.

.
0 Likes
Frequent Contributor.. DebashishP Frequent Contributor..
Frequent Contributor..

Re: Regarding LDAP Authentication in HP ALM

Thank you so much Berggren. This really helps. Request you to help me on the queries mentioned in the section My Query.

1. what are the pre-requisites before moving to LDAP authentication.

OlaBerggren Reponse:

If you are planning to use ldaps, the LDAP server certificate must be imported to the cert-store. You also need to know the mapping of the fields in ALM to the LDAP values.

My Query:

Could you please elaborate more on this i mean how to import the LDAP server certifcate to the Cert-Store  as I am purely new in doing this.


3. what would happen to the current users after changing the authentication to LDAP.

e.g. currently there is a user id 12345 and he is logging using QC authentication. we are having the same user id in LDAP (12345). so will it be possible to import the LDAP user id (12345) to Quality Center as the user id already exists. If No, then what is the work around.

OlaBerggren Reponse:

If a user with the same userid already exists, you can specify to merge the users at import or rename it. But it involves quite a few clicks, so if you have many users you may want to use another way to migrate like scripting or inserting in USERS_AUTH_DATA-table

My Query:

a) If I merge the user during import, will he be able to log in to the project using his enterprise account and password (LDAP authentication) to the same project that previous user with the same name was having access.

b) We have around 1500 users and as per your response the migration can happen using scripting or inserting in USERS_AUTH_DATA-table

Could you please send me a detailed procedure on this as I am new in LDAP import.

Thanks and Regards

Deb

 

0 Likes
OlaBerggren Acclaimed Contributor.
Acclaimed Contributor.

Re: Regarding LDAP Authentication in HP ALM

Hi

First of all you will need to do this in a test environment, to make sure how everything works, which the important IDs are and so on.

1. If your are going to use LDAPS and your ldapserver uses a certificate that is not issued by an Issuer defined in the standard java cacert store. Then you will need to import the issuer certificate. To do so, you will need to download and save it.

Then on the ALM server start a cmd-prompt as Admininstrator and run something like this. Paths can differ depending on where installation was done.

"C:\Program Files\HP\ALM\java\jre\bin\keytool" -keystore "C:\Program Files\HP\ALM\java\jre\lib\security\cacerts" -storepass changeit -import -trustcacerts -file "c:\temp\Issuer_cert.crt" -alias Issuer_cert 

More information can be found in the installation documentation.

3. Switching to LDAP will only change the authentication/login everything else will be the same.

When we did the migration we made a (vb)script that was using OTA, that looped through all users and read/searched in the ldap server for the correct user and then wrote the correct fiels back.

It is a bit to complicated to explain in detail here.

In your case I would have checked how everyting looks in the database after importing a user from the ldap. Then get a list of all users in the ldap and then created inserts to the USERS_AUTH_DATA-table and executed them direcly to the database

br /ola


Please mark post as solved if your problems or questions is/are resolved.
If this post was valuable to you, please consider kudo it..

 

 

 

.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.