If you would like to use your own LDAP groups, you must use CA EEM as described in the below example:
a) custom LDAP groups:
b) We use the default apm users: admin, cemadmin, guest, etc.
c) Each user has been assigned to the its corresponding APM group using the same user structure as the one provided in the users.xml as below:
NOTE: The name or number of LDAP groups is not important as long as you properly allocate the LDAP user or groups to the correct APM policies as documented below:
Step 1: Install and configure EEM with Introscope EM as per KB TEC593939 - How to implement CA EEM and LDAP for Authentication and Authorization of CA APM: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec593939.aspx
Step 2: Once you finish uploading the safex script, configuring EEM with your LDAP server and reconfiguring your realms.xml in the Introscope EM, you need to update the predefined APM EEM policies with your custom LDAP groups as below:
2a) login to the EEM APM application
2b) Go to the Manage Access Policies > You will see all the APM policies that have been created when you executed the APM safex scripts.
2c) Update all the APM Policies with your own Global Groups (LDAP groups):
Here is an example when updating the Access Policy:
Below a quick summary view to all the policies:
Step 3: Restart the Introscope EM
Step 4: Login to the CEM console
You can also verify the results in the log