Creating authentication realms

To create an authentication realm, specify where to store information about the users, such as internal storage on the server or on an LDAP server.

Procedure

  1. Click Settings > Authentication > Create New Realm to open the Create New Authentication Realm pane.
  2. Enter a name and a description.
  3. Enter the number of user login attempts in the Allowed Login Attempts field. A blank value means that an unlimited number of attempts is allowed.
  4. Select the authorization realm from the Authorization Realm list. The internal security realm is initially available.
  5. Select the authentication realm type from the Type list. The available types are as follows: LDAP or Active Directory, Single Sign-on, and Internal Storage. If you select Internal Storage, no additional parameters are needed. If you select LDAP or Active Directory, or Single Sign-on, specify the following parameters:
    Table 1. Authentication Realm properties (Field / Type / Description)
    LDAP URL (LDAP): LDAP URL of the LDAP server, beginning with ldap:// or ldaps://. Separate additional servers with spaces.
    Search Anonymously (LDAP): Select this check box if LDAP accepts anonymous queries. If cleared, specify the Search Connection DN and its associated password. Checked by default.
    Search Connection DN (LDAP): Complete LDAP directory name to search. Used if the Search Anonymously check box is unchecked.
    Search Connection Password (LDAP): Password that is used for LDAP searches. Used with the Search Connection DN field.
    Specify how to search LDAP (LDAP): Specifies how LDAP is searched. If users exist in multiple directories, select "LDAP users may exist in many directories; search across LDAP using a criteria"; otherwise select "LDAP users exist in a single directory; use a pattern to create the DN for users". Depending on the selection, additional fields are displayed.
    User Search Base (LDAP): When you search multiple directories, the starting directory that is used for searches, such as ou=employees,dc=mydomain,dc=com.
    User Search Filter (LDAP): The LDAP filter expression to use when you search for group entries. The user name replaces the {1} variable in the search pattern, and the full user DN replaces the {0} variable. If the value is not part of the DN pattern, enclose the value in parentheses, for example, (accountName={0}).
    Search User Subtree (LDAP): When you search multiple directories, select this check box to search directories below the base directory.
    User DN Pattern (LDAP): When you search a single directory, the user name is substituted in place of {0} in the pattern, for example, cn={0},ou=employees,dc=yourcompany,dc=com.
    Name Attribute (LDAP): The attribute that contains the user name in LDAP.
    Email Attribute (LDAP): The attribute that contains the user email address in LDAP.
    User Header Name (SSO): Header that contains the list of users.
    Email Header Name (SSO): Header that contains the list of user email addresses.
    Logout URL (SSO): The URL where users are redirected after they log out of IBM® UrbanCode Deploy.
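The LDAP fields above are templates that the server fills with the login name at authentication time. The following added example (not IBM UrbanCode Deploy code) models the two search modes from Table 1, the User DN Pattern and the User Search Filter, and shows why the substituted value must be escaped for its context (RFC 4514 for DNs, RFC 4515 for filters) so a crafted login name cannot change the meaning of the query; it also splits and checks the space-separated LDAP URL field so that plaintext ldap:// servers are visible to whoever reviews the realm. The {0} placeholder for the login name follows the page's own (accountName={0}) example; the host names are constructed.

```python
import re

def parse_ldap_urls(field):
    """Split the space-separated LDAP URL field and check each scheme.
    Returns [(url, uses_tls), ...]; raises ValueError on a non-LDAP URL."""
    urls = []
    for url in field.split():
        m = re.match(r'^(ldaps?)://', url)
        if not m:
            raise ValueError(f"not an LDAP URL: {url}")
        urls.append((url, m.group(1) == 'ldaps'))
    return urls

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = value.replace('\\', '\\\\')
    for ch in ',+"<>;=':
        out = out.replace(ch, '\\' + ch)
    if out.startswith(('#', ' ')):
        out = '\\' + out
    if out.endswith(' '):
        out = out[:-1] + '\\ '
    return out

def escape_filter_value(value):
    """Escape an assertion value for use in a search filter (RFC 4515)."""
    return (value.replace('\\', '\\5c').replace('*', '\\2a')
                 .replace('(', '\\28').replace(')', '\\29')
                 .replace('\0', '\\00'))

def user_dn_from_pattern(pattern, username):
    """Single-directory mode: bind DN built from the User DN Pattern."""
    return pattern.replace('{0}', escape_dn_value(username))

def user_search_filter(filter_pattern, username):
    """Multi-directory mode: filter built from the User Search Filter.
    Assumes {0} is the login-name placeholder, as in the page's example."""
    return filter_pattern.replace('{0}', escape_filter_value(username))

if __name__ == '__main__':
    # Constructed sample values, not from any real directory.
    for url, tls in parse_ldap_urls('ldap://dc1.example.com ldaps://dc2.example.com:636'):
        print(url, 'TLS' if tls else 'PLAINTEXT')
    print(user_dn_from_pattern('cn={0},ou=employees,dc=yourcompany,dc=com', 'smith, john'))
    print(user_search_filter('(accountName={0})', '*)(uid=*'))
```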

Results

When new users log on using their LDAP or SSO credentials, they are listed on the Authentication tab. In most cases, do not manage user passwords or remove users from the list. If an active user is removed from IBM UrbanCode Deploy, they are still able to log on to the server while their LDAP credentials are valid.