How to set the DE LDAP to recurse through the AD structure

Document ID : KB000068861
Last Modified Date : 21/08/2018
Introduction:

How to retrieve users from the LDAP server recursively through the Active Directory (AD) structure.

Background:
The CA Workload Automation DE 12.0 documentation describes how to retrieve LDAP users from the DE server; see the "Retrieve and Authenticate Users of an LDAP Group" section:
https://docops.ca.com/ca-wla-de/12-0/en/administrating/securing/authenticating-users-to-the-server-using-ldap
 
Environment:
CA Workload Automation DE (dSeries)
Instructions:

Add the following parameters to the <DE_install_dir>/conf/server.properties file:

ldap.pullUsersFromSubdirectories=true

and

LDAP_GETUSERS_FILTER=(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=LDAP_group))

LDAP_USERLOGIN_FILTER=(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(memberOf=LDAP_group))(__ldapLoginNameProp__=__user__))

For example:

LDAP_GETUSERS_FILTER=(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(|(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com)(memberOf=CN=Team-ITC-Women-Forumextteam,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com)))

LDAP_USERLOGIN_FILTER=(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))(objectClass=inetOrgPerson))(objectClass=user))(|(memberOf=CN=Team-ITC-Women-Forum,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com)(memberOf=CN=Team-ITC-Women-Forumextteam,OU=Groups,OU=ITC Hyderabad,DC=ca,DC=com)))(__ldapLoginNameProp__=__user__))
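
Because these filters decide who can be retrieved and who can log in, it is worth checking a value structurally before putting it in server.properties. The following is an added example, not part of the original article or of the product: it parses a filter and reports when the memberOf restriction or the login-name test is not mandatory for every match. The helper names parse, requires and check_filter are hypothetical, and the two faulty sample values are constructed.

```python
# Added example: structural check of DE LDAP filter values (RFC 4515 subset).
# parse(), requires() and check_filter() are hypothetical helpers, not product code.

def parse(text, pos=0):
    """Parse one filter starting at text[pos]; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")" or not children:
            raise ValueError(f"malformed '{op}' group near offset {pos}")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:max(end, pos)].partition("=")
    if end == -1 or not sep or "(" in attr + value:
        raise ValueError(f"malformed item near offset {pos}")
    return ("=", attr.strip().lower(), value), end + 1

def requires(node, attr):
    """True if every entry matching the filter must pass a test on `attr`."""
    if node[0] == "=":
        return node[1] == attr
    if node[0] == "&":
        return any(requires(c, attr) for c in node[1])
    if node[0] == "|":
        return all(requires(c, attr) for c in node[1])
    return False  # '!' never guarantees a positive match

def check_filter(value, login=False):
    """Return a list of problems; an empty list means the checks passed."""
    try:
        tree, end = parse(value)
        if end != len(value):
            raise ValueError(f"trailing text at offset {end}")
    except ValueError as exc:
        return [f"syntax: {exc}"]
    problems = []
    if not requires(tree, "memberof"):
        problems.append("memberOf test is not mandatory")
    if login and not requires(tree, "__ldaploginnameprop__"):
        problems.append("login name test is not mandatory")
    return problems

# Template from the article, then two constructed faulty values.
PAGE_LOGIN = ("(&(&(|(|(|(objectClass=person)(objectClass=organizationalPerson))"
              "(objectClass=inetOrgPerson))(objectClass=user))(memberOf=LDAP_group))"
              "(__ldapLoginNameProp__=__user__))")
MISPLACED = "(&(|(objectClass=user)(memberOf=LDAP_group))(__ldapLoginNameProp__=__user__))"
TRUNCATED = "(&(&(|(|(|(objectClass=person)"
```
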

 

NB: By default, the DE server does not retrieve and authenticate users of an LDAP group, so you need the parameters shown above to retrieve and authenticate them.

Also, please note that the DE can work with only one LDAP server at a time.