How to configure/troubleshoot LDAP authentication in BPPM.

Version 12

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    ProactiveNet Performance Management Suite



    QUESTION:

    How to configure/troubleshoot LDAP authentication in BPPM.


    ANSWER:

     

    Legacy ID:KA359011

      

    See attached document for screenshots.

      

    If you want to enable LDAP authentication with BPPM, please go through these steps:

      
        
      
      In pw\pronto\conf\ias.properties:

      #-----------------------------------------------------------------
      # Enable/disable LDAP login module.
      # When it is enabled, "ldap_configuration.xml" file has to be filled.
      #-----------------------------------------------------------------
      com.bmc.sms.ixs.enable.ldap.login=true

      #-----------------------------------------------------------------
      # Allow local, file-based, user groups to apply to LDAP authenticated users.
      # When it is enabled, groups defined for users in the user_definitions.xml file
      # will apply to the user when authenticating through LDAP.
      #-----------------------------------------------------------------
      com.bmc.sms.ixs.allow.local.groups.for.ldap=true

      #search for this group only in Ldap
      com.bmc.sms.ixs.search.ldap.group=IX Users,BPPM Users
      
       
      
      This is what I have for the ldap_configuration.xml file:

      <ldap alias="SAM.COM">
          <host>kratos.sam.com</host>
          <port>389</port>
          <version>3</version>
          <baseDN>dc=sam,dc=com</baseDN>
          <connectionUserName>struong@sam.com</connectionUserName>
          <connectionPassword encrypted="true">jgDY86jLiVcnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tQ==</connectionPassword>
          <userIdAttribute>sAMAccountName</userIdAttribute>
          <useSSL>false</useSSL>
          <groupMemberAttribute>member</groupMemberAttribute>
          <memberOfAttribute>memberOf</memberOfAttribute>
          <userSearchFilter>(objectClass=organizationalPerson)</userSearchFilter>
          <groupSearchFilter/>
      </ldap>
      
       
      
       
      
      In ldap_ppm_group_mapping.xml:

      <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
      <!--
           Each entry's key is the LDAP group name and the value is the PPM group assigned to it.
           E.g.
                <entry key="ldap_group1">PPM Group1</entry>
      -->
      <properties>
          <entry key="IX Users">Full Access</entry>
          <entry key="BPPM Users">Full Access</entry>
      </properties>
      
        
      
      Make sure the users belong to at least one of the groups specified above (IX Users, BPPM Users), either:

      Directly in AD: see attached .doc file

      Or via an LDAP browser: see attached .doc file

      You should now be able to log into BPPM using the LDAP users.
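The following pre-restart check is an added example, not part of the BMC article or product: it cross-checks the three files configured above, reporting malformed XML, missing connection fields, a useSSL value other than true, and LDAP groups listed in ias.properties that have no PPM mapping. The function names and the sample inputs are assumptions constructed for illustration; only the property keys and element names come from the article.

```python
import xml.etree.ElementTree as ET

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ldap_config(ias_text, ldap_xml, mapping_xml):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    props = parse_properties(ias_text)
    if props.get("com.bmc.sms.ixs.enable.ldap.login", "").lower() != "true":
        findings.append("ias.properties: LDAP login module is not enabled")
    try:
        ldap_root = ET.fromstring(ldap_xml)
        mapping = ET.fromstring(mapping_xml)
    except ET.ParseError as exc:
        return findings + [f"XML not well-formed: {exc}"]
    for ldap in ldap_root.iter("ldap"):  # matches <ldap> as root or nested
        where = f"ldap_configuration.xml [{ldap.get('alias', '?')}]"
        for tag in ("host", "port", "baseDN", "connectionUserName", "userIdAttribute"):
            if not (ldap.findtext(tag) or "").strip():
                findings.append(f"{where}: <{tag}> is missing or empty")
        if (ldap.findtext("useSSL") or "").strip().lower() != "true":
            findings.append(f"{where}: useSSL is not true, LDAP traffic is not SSL-protected")
    mapped = {entry.get("key") for entry in mapping.iter("entry")}
    groups = props.get("com.bmc.sms.ixs.search.ldap.group", "")
    for group in (g.strip() for g in groups.split(",")):
        if group and group not in mapped:
            findings.append(f"LDAP group '{group}' has no entry in ldap_ppm_group_mapping.xml")
    return findings

# Constructed sample input modelled on the files above (password is a placeholder).
SAMPLE_IAS = """com.bmc.sms.ixs.enable.ldap.login=true
com.bmc.sms.ixs.search.ldap.group=IX Users,BPPM Users"""
SAMPLE_LDAP = """<ldap alias="SAM.COM"><host>kratos.sam.com</host><port>389</port>
<baseDN>dc=sam,dc=com</baseDN><connectionUserName>struong@sam.com</connectionUserName>
<connectionPassword encrypted="true">PLACEHOLDER</connectionPassword>
<userIdAttribute>sAMAccountName</userIdAttribute><useSSL>false</useSSL></ldap>"""
SAMPLE_MAPPING = """<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties><entry key="IX Users">Full Access</entry></properties>"""

if __name__ == "__main__":
    for finding in check_ldap_config(SAMPLE_IAS, SAMPLE_LDAP, SAMPLE_MAPPING):
        print(finding)
```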
      
        
      
      For troubleshooting problems, set FINEST as logging level for IAS.

      In ias_logging.properties:

      java.util.logging.FileHandler.level=FINEST

      # Specifies the handler for IAS logging
      com.bmc.sms.ixscomm.handlers=java.util.logging.FileHandler

      # Specifies the level on IAS package
      com.bmc.sms.ixscomm.level=FINEST
      
        
      
      Restart Jserver and collect the logs located in pronto\logs\ias as well as the following files in pw\pronto\conf:

          ias.properties
          ldap_configuration.xml
          ldap_configuration_query.xml
          ldap_ppm_group_mapping.xml
      
        
      
      A sample of ias0.log from a working system is also attached here. The user is "struong".
      

    Please note that with BPPM 9.0 it is possible to configure LDAP in the ops console (Options > Administration > Integrations). This however required a jserver restart for the change to be effective and no validation was performed on what was entered in the UI. With the release of BPPM 9.0 SP2, there is now a 'Test' button that validates the LDAP configuration and there is no longer a need to restart the jserver.

      
    Related Products:  
       
    1. BMC ProactiveNet Performance Management Suite

     


    Article Number:

    000107148


    Article Type:

    FAQ/Procedural


