How to configure/troubleshoot LDAP authentication in BPPM.

Version 12

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    ProactiveNet Performance Management Suite


    How to configure/troubleshoot LDAP authentication in BPPM.



    Legacy ID:KA359011


    See attached document for screenshots.


    If you want to enable LDAP authentication with BPPM, please go through these steps:

      In pw\pronto\conf\ 
      # Enable/disable LDAP login module. 
      # When it is enabled, "ldap_configuration.xml" file has to be filled. 
      # Allow local, file-based, user groups to apply to LDAP authenticated users. 
      # When it is enabled, groups defined for users in the user_definitions.xml file 
      # will apply to the user when authenticating through LDAP. 
      #search for this group only in Ldap 
    Users,BPPM Users
      This is what I have for the ldap_configuration.xml file: 
      <ldap alias="SAM.COM"> 
               <connectionPassword encrypted="true">jgDY86jLiVcnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tQ==</connectionPassword> 
      In ldap_ppm_group_mapping.xml : 
      <!DOCTYPE properties SYSTEM ""> 
           Each entry's key is the LDAP group name and the value is the PPM group assigned to it. 
                <entry key="ldap_group1">PPM Group1</etnry> 
              <entry key="IX Users">Full Access</entry>
           <entry key="BPPM Users">Full Access</entry>
      Make sure the users belong to at least one of the groups specified above (IX Users, BPPM Users)   
      Directly in AD: see attached .doc file 
      Or via an LDAP browser: see attached .doc file  
      You should be now able to log into BPPM using the LDAP users. 
      For troubleshooting problems, set FINEST as logging level for IAS. 
      # Specifies the handler for IAS logging 
      # Specifies the level on IAS package 
      Restart Jserver and collect logs located in pronto\logs\ias as well as following files in pw\pronto\conf : 
      Also attached here a sample of ias0.log, on a working system. The user is “struong" 

    Please note that with BPPM 9.0 it is possible to configure LDAP in the ops console (Options > Administration > Integrations). This however required a jserver restart for the change to be effective and no validation was performed on what was entered in the UI. With the release of BPPM 9.0 SP2, there is now a 'Test' button that validates the LDAP configuration and there is no longer a need to restart the jserver.

    Related Products:  
    1. BMC ProactiveNet Performance Management Suite


    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles