
Overview

Most clients use an external directory, such as Microsoft Active Directory, to provide authentication. CA Embedded Entitlements Manager (EEM) can be configured to integrate with the same external directory, eliminating the need to administer separate sets of user IDs and passwords for each application that uses EEM to provide authentication. EEM currently supports the following types of external directories:

- Microsoft Active Directory
- Sun One Directory
- Novell eDirectory
- Novell eDirectory CN
- Custom Mapped Directory

This document focuses on how to configure Microsoft Active Directory and Global Catalog. It also uses a Custom Mapped Directory to accomplish a specific use case.

To enable an application to use external usernames and passwords, you need to first configure CA EEM to use external directories.

Tip! If there are a large number of users in your Active Directory, configure CA EEM to use the Global Catalog. This provides significantly better performance. How to do this is described later in this document.

Configuring CA EEM to Use an External Directory

To configure EEM to use an external directory, do the following:

1. Launch the CA EEM UI: https://localhost:5250/spin/eiam/eiam.csp. The login dialog is displayed.
2. Select the <Global> application, enter your EiamAdmin password and click Login.
3. Select the Configure tab.
4. Select the EEM Server sub tab.
5. Select Global Users / Global Groups.
6. Select the Reference from an external directory option and select the appropriate external directory from the Type drop-down menu.

In this example, Microsoft Active Directory is selected.

7. Provide the necessary Base DN and User DN details, which can be obtained from your LDAP administrator.
8. Click Save to save the changes.
9. Review the Status and ensure that External directory bind succeeded is checked. If it is not, the Base DN, User DN or password you provided is not correct.

Important! When you connect CA EEM to an external LDAP directory, you can only work with global users. You cannot create application users using CA EEM. You can, however, create application groups using CA EEM.

You can configure EEM to use an external directory either by editing the ipoz.conf file manually or through the EEM GUI. The ipoz.conf file resides in the iTechnology folder; the default location is C:\Program Files\CA\SharedComponents\iTechnology.

Unless you are familiar with the ipoz.conf format, however, you should use the EEM GUI to configure the external directory. The configuration dialog asks for the following information:

Type: Specifies the type of external directory. CA EEM currently supports Custom Mapped Directory, Microsoft Active Directory, Novell eDirectory, Novell eDirectory CN, and Sun One Directory.

Host: Specifies the host of the external directory. The hostname is the IP name or address of the computer on which the external directory is installed and running. The IP name or address can be in Internet Protocol version 4 (IPv4) or version 6 (IPv6) format.

Port: Specifies the LDAP port to connect to on the external directory host. The default LDAP port for Microsoft Active Directory is 389; port 3268 is the Global Catalog port.

Base DN: Specifies the LDAP DN that is used as the search base. Only global users and groups discovered underneath this DN are mapped into CA EEM. Note: No spaces are allowed in the Base DN field.

User DN: Specifies the DN used to bind (attach) to the external directory host. Note: An unescaped comma is not allowed in the cn of the User DN. For example, if your User DN is

    cn=firstname,middlename,dc=foo,dc=com

put the backslash (\) character before the comma:

    cn=firstname\,middlename,dc=foo,dc=com

Password and Confirm Password: Specifies the password for the User DN that is used to bind to the external directory host.

Transport Layer Security: Specifies whether to use TLS when making the LDAP connection to the external directory.

Include Unmapped Attribute: Indicates the external attributes that are not mapped. Note: Unmapped attributes can be used for search and as filters.

Cache Global Users: If selected, the CA EEM Server caches global users in memory. Although this enables faster lookups, it can impact scalability: loading users from the external directory may take significantly longer and EEM may consume a lot of resources. Note: Global user groups are always cached.

Cache Update Time: Specifies the interval (in minutes) at which the cached groups (and, optionally, users) are refreshed.

Retrieve Exchange Groups as Global User Groups: If selected, the CA EEM Server retrieves the universal, global, and domain local security groups. This lets you write policies against members of distribution lists.

Status: Shows the status of the external directory bind and whether the external directory data has been loaded. There are three possible states: the external directory bind succeeded and/or the data is loaded; the external directory data is still loading; the external directory bind failed. Note: To refresh the status without saving your changes, click Refresh status.

Configuring CA EEM to Use Global Catalog as External Directory

When there is a large number of users or groups, configuring CA EEM external directory support to use the Global Catalog for Microsoft Active Directory is highly recommended. Otherwise, it may take a significantly long time to extract those users or groups. For example, in a typical extract of approximately 15,000+ users, the load time was measured in seconds when the Global Catalog was used, rather than in hours when it was not.

To configure the EEM external directory to use the Global Catalog, do the following:

1. Launch the CA EEM UI: https://localhost:5250/spin/eiam/eiam.csp
2. Select the <Global> application, enter your EiamAdmin password and click Login.
3. Select the Configure tab.
4. Click the EEM Server sub tab.
5. Select Global Users / Global Groups from the right pane.
6. Select the Reference from an external directory option.
7. Select Microsoft Active Directory from the Type drop-down list.
8. Provide the Active Directory host name in the Host field.
9. Specify the Global Catalog port in the Port field. The default is 3268.
10. Provide the Base DN and User DN details.
11. Click Save to save your changes.
12. Verify that the bind was successful.

Important! A Bind successful status indicates only that EEM was able to connect (attach) to Active Directory using your DN details and password. It does not necessarily mean that you will get the required number of users: if your Base DN is not correct, no users may be extracted at all.

13. Verify that the specified Base DN is correct and that the required number of users has been extracted. To do this:
   a. Select the Manage Identities tab.
   b. Specify search criteria in the Value field and click Go. For example, specify eem* to select all users whose names are prefixed by eem.

Checking for a Global Catalog

To check whether a domain controller hosts a Global Catalog, do the following:

1. On the Active Directory server, select Active Directory Sites and Services from the Administrative Tools menu.
2. Double-click Sites, and then double-click your site name.
3. Double-click Servers, click your domain controller, right-click NTDS Settings, and select Properties.
4. Verify that Global Catalog is selected.
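Two of the rules above can be exercised offline: the User DN rule (a comma inside the cn must be written as \,) and the step 13 check that users actually sit under the configured Base DN, which a successful bind does not prove. The Python below is an added example, not code from CA or from this document. The DNs it contains are constructed sample values, and the escaping and suffix-matching it applies are the general RFC 4514 rules with case-insensitive comparison, as Active Directory performs it.

```python
"""Added example (not from the CA EEM documentation): RFC 4514 DN handling
for the User DN escaping rule and for checking that users fall under the
configured Base DN. All DNs below are constructed sample values."""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
SPECIAL_CHARS = ',+"\\<>;'


def escape_rdn_value(value):
    """Escape a raw attribute value so it can be embedded in a DN.
    'firstname,middlename' becomes 'firstname\\,middlename', which is the
    form the User DN field requires."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if (ch in SPECIAL_CHARS
                or (ch == '#' and i == 0)
                or (ch == ' ' and i in (0, last))):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def split_dn(dn):
    """Split a DN into its RDN strings on unescaped commas only, so an
    escaped comma ('\\,') stays inside its value."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ',':
            rdns.append(''.join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append(''.join(current).lstrip())
    return rdns


def normalize_rdn(rdn):
    """Lower-case attribute type and value: AD compares DNs case-insensitively."""
    attr, _, value = rdn.partition('=')
    return attr.strip().lower() + '=' + value.lower()


def is_under_base(entry_dn, base_dn):
    """True when entry_dn ends with the RDN sequence of base_dn, i.e. the
    entry lives in the subtree that CA EEM will search."""
    entry = [normalize_rdn(r) for r in split_dn(entry_dn)]
    base = [normalize_rdn(r) for r in split_dn(base_dn)]
    return len(entry) >= len(base) and entry[-len(base):] == base


def count_users_under_base(base_dn, user_dns):
    """How many of the given user DNs CA EEM would actually find under base_dn."""
    return sum(1 for dn in user_dns if is_under_base(dn, base_dn))


# Constructed sample user DNs (hypothetical forward.inc and other.inc domains).
SAMPLE_USER_DNS = [
    "CN=alice,OU=Staff,DC=forward,DC=inc",
    "CN=bob,OU=Staff,DC=forward,DC=inc",
    "CN=" + escape_rdn_value("firstname,middlename") + ",OU=Staff,DC=forward,DC=inc",
    "CN=carol,OU=Users,DC=other,DC=inc",
]

if __name__ == "__main__":
    print(escape_rdn_value("firstname,middlename"))
    for base in ("DC=forward,DC=inc", "OU=Nowhere,DC=forward,DC=inc"):
        print(base, "->", count_users_under_base(base, SAMPLE_USER_DNS), "users")
```

Running the block shows the failure mode the Important! note describes: the bind account is the same in both cases, but a Base DN that does not contain the users (OU=Nowhere here) yields zero extracted users while reporting nothing wrong about the bind itself.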

Retrieving Users from Multiple Domains

CA EEM supports a connection to only a single directory (a single domain) at a time, so you cannot connect to multiple external directories simultaneously. If you need to retrieve users from multiple domains, there are two approaches you can use:

- Connect to the Active Directory Global Catalog, which holds the data for all the directories in the forest.
- Use the DXLINK functionality of CA Directory. You connect to the dxlink as the external directory in EEM using the Custom Mapped Directory feature. The dxlink can connect to multiple directories at a time, which gives CA EEM a view of multiple directories.

Example: Filtering Users by Security Group with a Custom Mapped Directory

The following example demonstrates how CA EEM can be configured to support an external directory. In this example the client wants to configure CA EEM to use Active Directory as the external directory, but the security administrator only wants CA EEM to extract those users/groups that are members of a security group created for that purpose. This can be accomplished by configuring CA EEM to use a Custom Mapped Directory as the external directory. To do this:

1. Launch the CA EEM UI and navigate to EEM Server -> Global Users / Global Groups as described in the previous sections.
2. Select Custom Mapped Directory from the Type drop-down menu and specify a Label of Microsoft Active Directory.
3. Enter the Host, Port, Base DN, User DN and Password details as described in the Configuring CA EEM to Use an External Directory section earlier.
4. Click Label to update the filter criteria to meet the security administrator's requirements.
5. Update the User Filter to add memberOf criteria. For example, change the default filter

    (&(objectclass=user)(!(objectclass=computer)))

to

    (&(objectclass=user)(!(objectclass=computer))(|(memberOf=CN=Domain Admins,CN=Users,DC=forward,DC=inc)(memberOf=CN=EEMGroup1,CN=Users,DC=forward,DC=inc)))

In this example the filter is based on multiple groups: the two memberOf clauses are combined with the | (OR) operator, so a user has to be a member of Domain Admins or of the security group EEMGroup1 to be selected. If you have only one group to filter on:

    (&(objectclass=user)(!(objectclass=computer))(memberOf=CN=EEMGroup1,CN=Users,DC=forward,DC=inc))

6. Once you have updated the User Filter, click Save Label. This updates or creates the ipoz.map file in the iTechnology folder. You also need to click Save if you have changed any of the items listed in step 3.

7. Verify that the filter works and that only the members of the specified security group are selected. See step 13 in the Configuring CA EEM to Use Global Catalog as External Directory section earlier for how to verify the extracted users.
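Step 5 is where a filter typo silently changes which accounts EEM extracts, and step 7 can only be carried out after the label is saved. The Python below is an added example, not code from CA or from this document: a small evaluator for the filter subset used in the User Filter (&, |, ! and attribute=value items), run over a constructed set of Active Directory-style entries. The forward.inc domain and group names come from the page's example; the user accounts, the computer account and their group memberships are made up for illustration. It also shows the general case the text does not spell out: the same two memberOf clauses without the enclosing (|...) are ANDed and select nobody.

```python
"""Added example (not from the CA EEM documentation): a small evaluator for
the LDAP search-filter subset used in ipoz.map User Filters, run over
constructed Active Directory-style entries so the effect of the memberOf
criteria can be checked before the filter is saved in the label."""


def parse_filter(text):
    """Parse an RFC 4515 filter supporting &, |, ! and (attr=value) into a
    nested tuple tree. Attribute names are lower-cased; values are kept."""
    def parse(i):
        if i >= len(text) or text[i] != '(':
            raise ValueError("expected '(' at offset %d" % i)
        i += 1
        op = text[i]
        if op in '&|':
            i += 1
            items = []
            while i < len(text) and text[i] == '(':
                node, i = parse(i)
                items.append(node)
            if i >= len(text) or text[i] != ')':
                raise ValueError("unbalanced filter at offset %d" % i)
            return (op, items), i + 1
        if op == '!':
            node, i = parse(i + 1)
            if i >= len(text) or text[i] != ')':
                raise ValueError("unbalanced filter at offset %d" % i)
            return ('!', node), i + 1
        end = text.find(')', i)
        if end < 0:
            raise ValueError("unterminated item at offset %d" % i)
        attr, sep, value = text[i:end].partition('=')
        if not sep:
            raise ValueError("item without '=' at offset %d" % i)
        return ('=', attr.strip().lower(), value.strip()), end + 1

    tree, pos = parse(0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(node, entry):
    """Evaluate a parsed filter against an entry (dict of lower-cased
    attribute name -> list of values). Value comparison is case-insensitive,
    as AD does for objectClass and DN-valued attributes such as memberOf."""
    kind = node[0]
    if kind == '&':
        return all(matches(child, entry) for child in node[1])
    if kind == '|':
        return any(matches(child, entry) for child in node[1])
    if kind == '!':
        return not matches(node[1], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == '*':                      # presence test
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def select_users(filter_text, entries):
    """Return the sorted names of the entries the filter would select."""
    tree = parse_filter(filter_text)
    return sorted(name for name, attrs in entries.items() if matches(tree, attrs))


def make_entry(object_classes, member_of):
    return {"objectclass": object_classes, "memberof": member_of}


USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
GROUP_BASE = "CN=Users,DC=forward,DC=inc"   # domain taken from the page's example

# Constructed sample directory: three user accounts and one computer account.
SAMPLE_ENTRIES = {
    "alice": make_entry(USER_CLASSES, ["CN=Domain Admins," + GROUP_BASE]),
    "bob": make_entry(USER_CLASSES, ["CN=EEMGroup1," + GROUP_BASE]),
    "carol": make_entry(USER_CLASSES, ["CN=Sales," + GROUP_BASE]),
    "ws01": make_entry(USER_CLASSES + ["computer"], ["CN=Domain Computers," + GROUP_BASE]),
}

DEFAULT_FILTER = "(&(objectclass=user)(!(objectclass=computer)))"
TWO_GROUP_FILTER = ("(&(objectclass=user)(!(objectclass=computer))"
                    "(|(memberOf=CN=Domain Admins," + GROUP_BASE + ")"
                    "(memberOf=CN=EEMGroup1," + GROUP_BASE + ")))")
ONE_GROUP_FILTER = ("(&(objectclass=user)(!(objectclass=computer))"
                    "(memberOf=CN=EEMGroup1," + GROUP_BASE + "))")
# Same two clauses without the enclosing (|...): they are ANDed, so a user
# would need to be in both groups and nobody is selected.
MISSING_OR_FILTER = ("(&(objectclass=user)(!(objectclass=computer))"
                     "(memberOf=CN=Domain Admins," + GROUP_BASE + ")"
                     "(memberOf=CN=EEMGroup1," + GROUP_BASE + "))")

if __name__ == "__main__":
    for label, flt in [("default", DEFAULT_FILTER), ("two groups", TWO_GROUP_FILTER),
                       ("one group", ONE_GROUP_FILTER), ("missing |", MISSING_OR_FILTER)]:
        print("%-11s -> %s" % (label, select_users(flt, SAMPLE_ENTRIES)))
```

The default filter keeps alice, bob and carol and drops the computer account ws01 (its objectClass includes both user and computer); the two-group filter keeps alice and bob; the single-group filter keeps only bob; and the filter with the | omitted keeps nobody, which is the result to look for in step 7 if the Manage Identities search unexpectedly comes back empty.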