Creating an LDAP authorization realm

An LDAP authorization realm uses an external LDAP server for authorization.

Procedure

  1. Click Settings > Authorization (Groups) > Create Authorization Realm to open the Create Authorization Realm dialog.
  2. Enter a name in the Name field.
  3. Ensure that LDAP or Active Directory is selected in the Type list.
  4. Select a search type to use when importing groups. If you select "Roles in LDAP reference their members; look up group membership by searching for roles", specify the following parameters:
    Table 1. LDAP properties
    Field: Description
    Group Search Base: Directory that is used for group searches, such as ou=employees,dc=mydomain,dc=com.
    Group Search Filter: LDAP filter expression that is used when you search for user entries. The name is substituted in place of {0} in the pattern, such as uid={0}. If that is not part of the DN pattern, wrap the value in parentheses, such as (uid={0}).
    Group Name: Directory name that is used to bind to LDAP for searches, such as cn=Manager,dc=mycompany,dc=com. If not specified, an anonymous connection is made. Required if the LDAP server cannot be anonymously accessed.
    Search Group Subtree: If checked, subtrees (if any) are also searched.
    If you select "User roles are defined as an attribute on that user; look up group membership using this attribute", specify the name of the attribute that contains role names in the user directory entry in the User Group Attribute field. If user groups are defined in LDAP as an attribute of the user, the Group Attribute configuration must be used.
    Note: The first time an unknown user attempts to log on, LDAP authorization realms are searched in an attempt to identify the user. If the user is found, a corresponding user ID is created in IBM® UrbanCode Deploy. In addition, if the user is part of an LDAP group, that group is imported as well.
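As an added example (not IBM's own code), the following Python helper shows how a Group Search Filter pattern such as uid={0} is expanded before it is sent to the LDAP server: the user name replaces the {0} placeholder, filter metacharacters in the name are escaped as RFC 4515 requires so that the filter's structure cannot be altered by the value, and a bare attribute=value pattern is wrapped in parentheses as the table describes. The function names and the sample names are assumptions for this example.

```python
# Added example; not part of the IBM UrbanCode Deploy product code.
# Escape table from RFC 4515 section 3: the only characters that must be
# escaped inside an LDAP filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for safe inclusion in an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_group_search_filter(pattern: str, name: str) -> str:
    """Expand a Group Search Filter pattern for one user.

    - `name` replaces the {0} placeholder (escaped first, so a name that
      contains '(' ')' '*' or '\\' stays a literal value).
    - A pattern that is not already parenthesised, e.g. 'uid={0}', is
      wrapped in parentheses so the server receives a well-formed filter.
    """
    if "{0}" not in pattern:
        raise ValueError("Group Search Filter pattern must contain {0}")
    expanded = pattern.replace("{0}", escape_filter_value(name))
    if not expanded.startswith("("):
        expanded = f"({expanded})"
    return expanded


if __name__ == "__main__":
    # Constructed sample values, in the style of the table above.
    print(build_group_search_filter("uid={0}", "jdoe"))
    # A group filter whose placeholder receives the user's full DN.
    print(build_group_search_filter(
        "(member={0})", "uid=jdoe,ou=employees,dc=mydomain,dc=com"))
    # A name containing filter metacharacters is escaped, not interpreted.
    print(build_group_search_filter("uid={0}", "x)(objectClass=*"))
```

The last call illustrates why escaping belongs in the substitution step: the metacharacters survive only as escaped bytes, so the filter still matches a single uid value.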