Defining LDAP Settings for Importing Users

Before you can import users from an LDAP directory into the Users list in Site Administration, you must define your LDAP import settings.

When you import users from an LDAP directory, ALM copies attribute values from the directory. For each imported user, the following attribute values are copied:

  • Distinguished name (DN). A unique name that is made up of a sequence of relative distinguished names (RDN) separated by commas.

    Example: CN=John Smith, OU=QA, O=Micro Focus

    CN is the common name; OU is the organizational unit; and O is the organization.

  • Userid (UID). The name that identifies a user as an authorized user. The UID attribute value is mapped to the User Name field in ALM.

  • Full Name, Description, Email and Phone. Optional attributes that are used to populate the Full Name, Description, Email, and Phone Number fields for each user imported from an LDAP directory.

Note: The optional LDAP_IMPORT_ATTRIBUTE_MASK parameter enables you to define a regular expression that can be used to distinguish between different values for an LDAP attribute. For details, see Setting ALM Configuration Parameters.

To define LDAP settings for importing users:

  1. In Site Administration, click the Site Users tab.

  2. Click the User Settings button and select Multi LDAP Settings. The LDAP Settings dialog box opens.

  3. Click New. Enter the server name and click OK.

    The Server Name field is populated with the server name you entered, and the other fields are populated with default values.

  4. In the Directory provider URL box, type the URL of the LDAP server (ldap://<server name>:<port number>).

  5. Under LDAP authentication type:

    • Select Anonymous to import users from the LDAP server using an anonymous account.

    • Select Simple to import users from the LDAP server using an authorized (search-entitled) user account and password. If you select Simple, the following options are enabled:

      • In the Authentication principal box, type the authorized user name.

      • In the Authentication credentials box, type the password.

    • If you are using lightweight single sign-on, select Use LWSSO and enter the LDAP attribute name to be used as the lightweight single sign-on login name.

  6. Click Test Connection to test the URL of the LDAP server.

  7. In the Directory base box, type the LDAP directory name.

    Note: The Directory base is the distinguished name of a node in the LDAP hierarchy and is used as the root for operations that retrieve data. Leaving this field empty dramatically increases the time needed to search for a user in the LDAP tree.

  8. In the Base filter box, define filter criteria.

  9. In the Result record limit box, enter the maximum number of records to display in the Import LDAP Users by Keyword dialog box. The default value is 100.

    Note: A value less than the recommended minimum value of 100 can slow LDAP imports and searches. A value greater than the recommended maximum value of 10000 can cause the server to run out of memory.

  10. Define the Timeout value to indicate the maximum time, in seconds, to wait for a response from the LDAP server.

  11. Define the corresponding LDAP field names. Note that User Name is a required field.

  12. To set the default values for Active Directory, click Use default values for: and select Active Directory.

  13. To set the default values for LDAP, click Use default values for: and select LDAP.

  14. Click Save to save the LDAP directory.

    As each LDAP directory is created, it is added to the LDAP server panel. You can add or delete LDAP directories from this panel.

    Note: When a user logs in, ALM searches the LDAP directories in the order they are listed in the LDAP server panel until a match is found.

  15. Click Close to close the LDAP Settings dialog box.
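
The values collected in the procedure above can be checked before they are typed into the LDAP Settings dialog box. The following Python script is an added example, not part of ALM or its documentation: the dictionary keys, function names and sample values are hypothetical, and the note it raises for Simple authentication is a general LDAP fact (RFC 4513), not a statement from this page.

```python
import re

MIN_RECORDS, MAX_RECORDS = 100, 10000  # recommended bounds for Result record limit
URL_RE = re.compile(r"ldap://[^\s:/]+:\d{1,5}")  # ldap://<server name>:<port number>

def split_dn(dn):
    """Split a DN into (attribute, value) RDNs; a backslash-escaped comma stays in the value."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, sep, value = (part.strip() for part in rdn.partition("="))
        if not (attr and sep and value):
            raise ValueError(f"malformed RDN {rdn.strip()!r}")
        pairs.append((attr.upper(), value))
    return pairs

def check_settings(cfg):
    """Return findings for one LDAP import definition (dict keys are hypothetical)."""
    findings = []
    if not URL_RE.fullmatch(cfg.get("provider_url", "")):
        findings.append("provider_url: expected ldap://<server name>:<port number>")
    auth = cfg.get("auth_type")
    if auth == "Simple":
        if not (cfg.get("principal") and cfg.get("credentials")):
            findings.append("auth: Simple needs a principal and credentials")
        # General LDAP behaviour (RFC 4513), not taken from the page.
        findings.append("auth: Simple bind sends the password in clear unless the connection uses TLS")
    elif auth != "Anonymous":
        findings.append("auth_type: must be Anonymous or Simple")
    base = cfg.get("directory_base", "").strip()
    if not base:
        findings.append("directory_base: empty, user searches will take much longer")
    else:
        try:
            split_dn(base)
        except ValueError as err:
            findings.append(f"directory_base: {err}")
    limit = cfg.get("record_limit", 100)  # 100 is the documented default
    if not MIN_RECORDS <= limit <= MAX_RECORDS:
        findings.append(f"record_limit: {limit} is outside the recommended 100-10000 range")
    return findings
```

Calling check_settings() with a dictionary of the planned values returns an empty list when nothing needs attention; each string in a non-empty list names the dialog box field it concerns.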