CA APM and CA EEM authentication using LDAP Multi-Domain Setup

Document ID : KB000009739
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

 Currently, CA APM does not support the new features of EEM 12.x  Multi-Domain Setup.  It also does not support LDAP Multi-Domain setup.

 There are a couple of options that will let you utilize LDAP Multi-Domain configuration.

Background:

If you happen to have two Domains in two different regions with the same user name assigned to two different users, both cannot log into CA APM at the same time.

For an example: ldap1 (Region A users) and ldap2(Region B users) and the User "TestUser" is in both Domains, assigned to two different people.

This scenario is not a supported feature, but there is a workaround. 

Environment:
APM 9.7.xAPM 10.xEEM 12.xExternal User Directory : LDAP
Instructions:

Below are the workaround options.

 

Option 1:

Let CA APM to do the user check based on an order, ldap1 and then ldap2.

Use Introscope EnterpriseManager-LDAP authentication, add 2 realm sections for each LDAP servers.

Securing Introscope using LDAP

 


Option 2:

Let CA APM to use the authorization features from EEM: 

Use Introscope Enterprise Manager -EEM authentication, add two realm sections for the same EEM server, but configure it so that each section uses a specific Admin user for their specific region (Region A / Region B).

Configuring CA EEM authentication using LDAP

Additional Information: