New User -> Authentication: LDAP

Document ID : KB000009825
Last Modified Date : 14/02/2018
Introduction:

CA Release Automation offers 4 different ways to give LDAP users access to it. One method is to import groups. This method requires the LDAP settings inside the distributed.properties file to be properly configured. The other three methods involve adding individual users. If you are not importing groups and are only adding individual users, it is recommended that the distributed.properties file not have any LDAP settings set, because they can confuse the situation when you set up your individual users and run LDAP user login tests.

The other three methods are:

  1. New User -> Authentication: LDAP
  2. Load from File
  3. Import from LDAP

This article highlights some points that are important to #1 (New User -> Authentication: LDAP).

Background:

It is important to note that this option (New User -> Authentication: LDAP) does not create a user in your LDAP server/environment. 

View this screenshot to see the ApacheDS LDAP properties for the user account used in this article: ApacheDS_User_Properties_Screenshot.png

 

Environment:
CA Release Automation 6.2.0.3057
ApacheDS 2.0.0-M23
Instructions:

Once you have navigated to the Administration -> User Management screen, click on the drop down menu next to Users. This will give you the option to select New User. Once you have selected New User there will be an "Authentication" field where you can choose:

  • Basic
  • LDAP

For this article we're concerned with specifying the LDAP option. This resets the input fields to include information for: LDAP Host, Port, Search Context, and Security Context.

The main fields for successfully saving a new user are:

  • User Name:
  • LDAP Host:
  • LDAP Port:
  • LDAP Search Context:

The main fields for successfully logging in as the added user are slightly different. They are:

  • User Name:
  • LDAP Host:
  • LDAP Port:
  • LDAP Security Context:

You'll notice that LDAP Search Context is not included but LDAP Security Context is. This is because the record can be saved without the LDAP Security Context, though the user seemingly cannot log in. However, you can successfully log in when setting the "LDAP Search Context" field to dc=fakedc.com and setting the "LDAP Security Context" to the fully distinguished name of your user. It is recommended to set the "LDAP Security Context" to the fully distinguished name of your user and the "LDAP Search Context" to the level of its parent container. Using the user from the screenshot above, the fields would have the following recommended properties:

  • User Name: supteam1user
  • LDAP Host: myapacheds-server
  • LDAP Port: 10389
  • LDAP Search Context: ou=ReleaseAuto,ou=DevOps,ou=TechnicalSupport,dc=ts.ca,dc=com
  • LDAP Security Context: uid=SupTeam1User,ou=ReleaseAuto,ou=DevOps,ou=TechnicalSupport,dc=ts.ca,dc=com
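
The following is an added example, not part of the original article and not CA code: a small pre-flight check that the values you are about to enter follow the recommendation above (Security Context is the user's full DN, Search Context is its parent container). The function names are hypothetical, and it assumes attribute types and values compare case-insensitively, as the supteam1user / SupTeam1User pair in the example suggests.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes a character)."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # previous char was a backslash: keep literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":              # unescaped comma ends the current RDN
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]    # lenient: ignores empty components

def norm_rdn(rdn):
    """Return (attribute, value) lower-cased (assumption: case-insensitive match)."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"not an attribute=value RDN: {rdn!r}")
    return (attr.strip().lower(), value.strip().lower())

def check_ldap_user_fields(user_name, search_context, security_context):
    """Return a list of problems; an empty list means the fields match the recommendation."""
    try:
        sec = [norm_rdn(r) for r in split_dn(security_context)]
        search = [norm_rdn(r) for r in split_dn(search_context)]
    except ValueError as exc:
        return [str(exc)]
    if len(sec) < 2:
        return ["Security Context is not a full DN (user RDN plus container)"]
    problems = []
    if sec[0][1] != user_name.strip().lower():
        problems.append("first RDN of Security Context does not name the user")
    if sec[1:] != search:
        problems.append("Search Context is not the parent container of Security Context")
    return problems

# Values taken from the article's example user
USER = "supteam1user"
SEARCH = "ou=ReleaseAuto,ou=DevOps,ou=TechnicalSupport,dc=ts.ca,dc=com"
SECURITY = "uid=SupTeam1User," + SEARCH

if __name__ == "__main__":
    print(check_ldap_user_fields(USER, SEARCH, SECURITY))            # recommended values
    print(check_ldap_user_fields(USER, "dc=fakedc.com", SECURITY))   # saves, but not recommended
    print(check_ldap_user_fields(USER, SEARCH, ""))                  # missing Security Context
```

A non-empty result does not mean the record will fail to save; it only flags values that differ from the recommended layout before you test the login.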