1 of 1 people found this helpful
RSSO should be a full replacement of ASSO. Any information/ideas about local ldap?
>> - Does RSSO also provide a local ldap which could be used?
RSSO does not provide the embedded LDAP. You can use RSSO Local User Management to manage users and groups.
But I'd recommend you to use some LDAP implementation since for now Local User Managment is quite simple users/groups management solution which is not supposed to be a corporate-wide high-performance authentication provider.
>> - Is there an other way (more elegant way) to use the AR user/groups with RSSO and Discovery?
It looks for me as you're asking about getting the users and the groups directly from AR. Upcoming Patch 1 for RSSO 9.1.03 will introduce API which supports groups for LDAP and Local User Management but not for AR.
thanks for your reply.
>>It looks for me as you're asking about getting the users and the groups directly from AR.
This would be the desired way - an autonomous working BMC "stack" - without any "third party software".
Unfortenatly Discovery requires a ldap directory and can't be "connected" to the AR user store directly.
Maybe I should place a RFE at Discovery community for this .
As for now our only solution is to run ASSO and RSSO parallel.
Atrium SSO uses internally OpenDJ as LDAP implementation. It's an open source, not BMC product.
You can use the same with RSSO.
Also please note that Atrium SSO goes to the limited support in a month according to BMC Software Product All Version Page.
So I would suggest to consider another options rather than running RSSO and Atrium SSO in parallel.
I know that ASSO will hit limited support soon. Thats why we're going to migrate all currently possible things to RSSO.
Also, as far as the documentation states, ASSO is the only supported SSO for TrueSight (I didn't find anything related to RSSO at the TrueSight docs).
So we're forced to run them parallel.
ASSO would "just" be used as an Discovery ldap directory and TrueSight and RSSO would be used for BAO, Discovery, ITSM Suite ...
Hi Patrick -
How many users do you have logging into Discovery? Generally we would expect the domain of Discovery Users to be very small relative to ITSM.
our Discovery environment has around 1000 possible users (every internal it staff member, most of them with read-only permissions but some others with permissions to add credentials or create application models [without publishing/tpl generation]) and roundabout 100 daily users.
The suite got 25k possible users. So running an additional ldap server for that small amount of users would be a bit oversized (ASSO works great for that use-case ).
We have multiple Microsoft Domains without any domain trust and we won't get the permissions to update users/groups.
In fact of this, if forced to use the Mircosoft ADs we would lose control of our BMC environment and it would be impossible to authenticate every possible user.
Thanks for this clarification on your use case.
>>Also, as far as the documentation states, ASSO is the only supported SSO for TrueSight (I didn't find anything related to RSSO at the TrueSight docs).
That's true for now. But the next TrueSight release will introduce RSSO support.
1 of 1 people found this helpful
Well to close that question:
We installed a lightweight Apache Directory Server which gets populated with an AI job to serve our purpose.