Creating authentication realms

An authentication realm specifies where information about users is stored and verified: in internal storage on the server, on an LDAP or Active Directory server, or through single sign-on. To create one, choose the storage type and supply the connection parameters it needs.

Procedure

  1. Click Settings > Authentication (Users) > Create New Realm to open the Create New Authentication Realm pane.
  2. Enter a name, description, and other parameters common to all types:
    Allowed Login Attempts
    Number of attempts allowed. A blank value means an unlimited number of attempts.
    Authorization Realm
    Requires that the authorization realm was previously created.
    Type
    Available types are: LDAP or Active Directory, Single Sign-on, and Internal Storage.
  3. If the selected type is Internal Storage, no additional parameters are needed. If the selected type is LDAP or Active Directory, or Single Sign-on, specify the following parameters:
    Table 1. Authentication Realm properties (field, realm type, description)

    URL (LDAP)
    URL of the LDAP server, beginning with ldap:// or ldaps://. Separate additional servers with spaces.
    Search Anonymously (LDAP)
    Select this option if the LDAP server allows anonymous queries. If it is not selected, specify the LDAP directory to search and the associated password.
    searchTypeLabel (LDAP)
    Specifies how LDAP is searched. If users exist in multiple directories, select "LDAP users may exist in many directories; search across LDAP using a criteria"; otherwise select "LDAP users exist in a single directory; use a pattern to create the DN for users". Depending on the selection, additional fields are displayed.
    User Search Base (LDAP)
    When searching multiple directories, the directory at which searches start, such as ou=employees,dc=mydomain,dc=com.
    User Search Filter (LDAP)
    When searching multiple directories, the LDAP filter expression used to find user entries. The login name is substituted for {0} in the pattern, such as uid={0}. If the value is not part of the DN pattern, wrap the expression in parentheses, such as (accountName={0}).
    Search User Subtree (LDAP)
    When searching multiple directories, select this option to also search directories below the base directory.
    User DN Pattern (LDAP)
    When searching a single directory, the login name is substituted for {0} in the pattern, such as cn={0},ou=employees,dc=yourcompany,dc=com.
    Name Attribute (LDAP)
    The LDAP attribute that contains the user's name.
    Email Attribute (LDAP)
    The LDAP attribute that contains the user's email address.
    User Header Name (SSO)
    The HTTP header that contains the list of users.
    Email Header Name (SSO)
    The HTTP header that contains the list of user email addresses.
    Logout URL (SSO)
    The URL to which the user is redirected after logging out of IBM® UrbanCode Deploy.
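The two LDAP search modes in Table 1 differ in what the realm does with the login name: in the multi-directory mode it is substituted into the User Search Filter and searched for under the User Search Base; in the single-directory mode it is substituted into the User DN Pattern. The following Python example is added here to illustrate that substitution and is not code from IBM UrbanCode Deploy; the `RealmSearch` class, the `build_lookup` function and the rule that a filter given without surrounding parentheses (such as uid={0}) is parenthesized are assumptions of the example. It also shows the check a realm implementation must perform before substitution: escaping the login name per RFC 4515 (filters) and RFC 4514 (DNs), so that characters such as `)`, `*` or `,` in a submitted name cannot change the meaning of the filter or DN.

```python
"""Build the LDAP lookup an authentication realm performs for a login name.

Added example, not part of IBM UrbanCode Deploy: it demonstrates the {0}
substitution in User Search Filter and User DN Pattern, and the escaping
that must happen before the login name is substituted.
"""
from dataclasses import dataclass

# RFC 4515: characters with special meaning in a filter become \XX hex escapes.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514: these characters are backslash-prefixed inside a DN attribute value.
_DN_SPECIALS = set(',+"\\<>;')


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value for use as an attribute value in a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in "# "      # leading '#' or space must be escaped
        trailing = i == last and ch == " "   # trailing space must be escaped
        out.append("\\" + ch if ch in _DN_SPECIALS or leading or trailing else ch)
    return "".join(out)


@dataclass
class RealmSearch:
    """The Table 1 fields that control how a user entry is located (hypothetical type)."""
    multi_directory: bool            # the "many directories" vs "single directory" choice
    user_search_base: str = ""       # User Search Base
    user_search_filter: str = ""     # User Search Filter, with {0} placeholder
    search_user_subtree: bool = True # Search User Subtree
    user_dn_pattern: str = ""        # User DN Pattern, with {0} placeholder


def build_filter(user_search_filter: str, login: str) -> str:
    """Substitute the escaped login name for {0}; parenthesize a bare assertion (assumed rule)."""
    flt = user_search_filter.replace("{0}", escape_filter_value(login))
    return flt if flt.startswith("(") else f"({flt})"


def build_lookup(cfg: RealmSearch, login: str) -> dict:
    """Return the LDAP operation the realm would issue for this login name."""
    if cfg.multi_directory:
        return {
            "operation": "search",
            "base": cfg.user_search_base,
            "scope": "subtree" if cfg.search_user_subtree else "onelevel",
            "filter": build_filter(cfg.user_search_filter, login),
        }
    return {"operation": "bind", "dn": cfg.user_dn_pattern.replace("{0}", escape_dn_value(login))}


if __name__ == "__main__":
    # Constructed realm settings using the sample values from Table 1.
    many = RealmSearch(True, "ou=employees,dc=mydomain,dc=com", "uid={0}")
    single = RealmSearch(False, user_dn_pattern="cn={0},ou=employees,dc=yourcompany,dc=com")
    # Constructed login names: a normal one, one with filter metacharacters, one with a comma.
    for login in ("jdoe", "jdoe)(uid=*", "Doe, John"):
        print(build_lookup(many, login))
        print(build_lookup(single, login))
```

With the unescaped name `jdoe)(uid=*`, the filter `uid={0}` would become `(uid=jdoe)(uid=*)`, which no longer restricts the search to one user; after escaping it is `(uid=jdoe\29\28uid=\2a)`, a literal match that returns nothing. The same applies to the DN pattern, where an unescaped comma would add an RDN to the bind DN.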

Results

When new users log on with their LDAP or SSO credentials, they are listed on the Authentication Realm Users pane. In most cases, do not manage these users' passwords or remove them from the list; their credentials are held by the LDAP or SSO provider, not by the server. If an active user is removed from IBM UrbanCode Deploy, the user can still log on to the server for as long as their LDAP credentials remain valid.