How to configure/troubleshoot LDAP authentication in BPPM.

Version 12
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    ProactiveNet Performance Management Suite


    How to configure/troubleshoot LDAP authentication in BPPM.



    Legacy ID:KA359011


    See attached document for screenshots.


    If you want to enable LDAP authentication with BPPM, please go through these steps:

      In pw\pronto\conf\ 
      # Enable/disable LDAP login module. 
      # When it is enabled, "ldap_configuration.xml" file has to be filled. 
      # Allow local, file-based, user groups to apply to LDAP authenticated users. 
      # When it is enabled, groups defined for users in the user_definitions.xml file 
      # will apply to the user when authenticating through LDAP. 
      #search for this group only in Ldap 
    Users,BPPM Users
      This is what I have for the ldap_configuration.xml file: 
      <ldap alias="SAM.COM"> 
               <connectionPassword encrypted="true">jgDY86jLiVcnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tScjDnYziba1JyMOdjOJtrUnIw52M4m2tQ==</connectionPassword> 
      In ldap_ppm_group_mapping.xml : 
      <!DOCTYPE properties SYSTEM ""> 
           Each entry's key is the LDAP group name and the value is the PPM group assigned to it. 
                <entry key="ldap_group1">PPM Group1</etnry> 
              <entry key="IX Users">Full Access</entry>
           <entry key="BPPM Users">Full Access</entry>
      Make sure the users belong to at least one of the groups specified above (IX Users, BPPM Users)   
      Directly in AD: see attached .doc file 
      Or via an LDAP browser: see attached .doc file  
      You should be now able to log into BPPM using the LDAP users. 
      For troubleshooting problems, set FINEST as logging level for IAS. 
      # Specifies the handler for IAS logging 
      # Specifies the level on IAS package 
      Restart Jserver and collect logs located in pronto\logs\ias as well as following files in pw\pronto\conf : 
      Also attached here a sample of ias0.log, on a working system. The user is “struong" 

    Please note that with BPPM 9.0 it is possible to configure LDAP in the ops console (Options > Administration > Integrations). This however required a jserver restart for the change to be effective and no validation was performed on what was entered in the UI. With the release of BPPM 9.0 SP2, there is now a 'Test' button that validates the LDAP configuration and there is no longer a need to restart the jserver.

    Related Products:  
    1. BMC ProactiveNet Performance Management Suite


    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles