Configure UFT Mobile for LDAP
You can integrate LDAP with UFT Mobile. Individuals in organizations that use LDAP to manage user credentials and permissions can then access UFT Mobile with their LDAP credentials, without the administrator first having to add them to the list of authorized users.
In the UFT Mobile Lab console, in Administration, select the SETTINGS tab and in the left panel, click LDAP Integration. Enable and configure the LDAP settings. For details, see settings.
Important: If you are upgrading UFT Mobile from a version earlier than 2.20, you must change the firstname.lastname@example.org user's password before configuring the LDAP settings. After logging in as the email@example.com user, hover over the user name in the masthead and select Change password.
When you change the Enable/Disable settings, you must restart the UFT Mobile server for them to take effect.
Note the following considerations with regard to users when you enable LDAP integration:
- You will not be able to add, delete, or change a user's password from the Users page.
- Users that do not belong to the LDAP database will not be able to log into UFT Mobile, with the exception of the firstname.lastname@example.org user.
Before an administrator can assign an LDAP user to a workspace, the user needs to exist. Users can be added by performing a log in, through the User Management script, or via synchronization.
When users are added by first logging in or via synchronization, they receive the User role. After the initial login, an administrator can change the role to Admin.
- When you enable or disable LDAP, all non-LDAP users, excluding email@example.com, will be deleted. To retain your existing users, export them prior to enabling or disabling LDAP.
- If you switch LDAP servers, you must disable and re-enable LDAP in the Administration Settings. Otherwise, the users from the original server will still appear in the UFT Mobile user list.
- Adding up to 5000 LDAP users is supported.
- When using UFT Mobile as a managed service provided by an MSP or when shared spaces are enabled: If the Allow access to all users option was enabled at the global level in the LDAP integration settings, the Remove button will not be displayed and you will not be able to remove users from the Users page. (The deletion of users was disabled, since the removal would be temporary—it would only be effective until the next log in.)
To use UFT Mobile with secure LDAP (SSL), you will need your LDAP certificate. The section below is relevant for on-premises deployments of UFT Mobile. For UFT Mobile SaaS, open a service request to install your LDAP certificate on the server.
- Copy the certificate to the UFT Mobile server machine.
- Import the LDAP certificate to the truststore on the server machine. The following is a sample keytool command for importing the certificate file:
keytool -import -trustcacerts -keystore "C:\Program Files\UFT Mobile Server\server\Security\keystore\trustStoreHpmc" -storepass password -alias myCA -file c:\hpldapsec.der
- Upload the certificate to your machine by running the uploadCertificates.bat/sh script from the /Security folder.
- Restart the UFT Mobile server.
- In the UFT Mobile Lab Management console, select Administration Settings in the Administration tab, and scroll down to the LDAP Integration section. Enable the SSL Mode setting.
- Restart the UFT Mobile server.
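A check worth running before the import step above, added here as an example (it is not part of the UFT Mobile documentation or tooling): it computes the SHA-256 fingerprint of the certificate file, in the colon-separated form that keytool -printcert displays, and compares it with a fingerprint obtained from the LDAP administrator. The function names, the script name and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes (not a real certificate) so the example runs offline.
CONSTRUCTED_DER = b"\x30\x82\x01\x0a" + bytes(range(32))
CONSTRUCTED_PEM = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(CONSTRUCTED_DER)
                   + b"-----END CERTIFICATE-----\n")


def cert_der_bytes(raw: bytes) -> bytes:
    """Return the DER encoding from a binary .der file or a PEM (Base64) file."""
    match = PEM_RE.search(raw)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if not raw.startswith(b"\x30"):  # DER certificates begin with an ASN.1 SEQUENCE tag
        raise ValueError("input is neither a PEM nor a DER certificate")
    return raw


def sha256_fingerprint(raw: bytes) -> str:
    """SHA-256 of the DER bytes as colon-separated uppercase hex pairs."""
    digest = hashlib.sha256(cert_der_bytes(raw)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint: str) -> str:
    """Drop colons/whitespace and upper-case; reject anything but 64 hex digits."""
    value = re.sub(r"[:\s]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", value):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return value


def matches_expected(raw: bytes, expected_fingerprint: str) -> bool:
    """True only if the file's fingerprint equals the one obtained out of band."""
    return hmac.compare_digest(normalise(sha256_fingerprint(raw)),
                               normalise(expected_fingerprint))


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_cert.py <cert file> <fingerprint>
    with open(sys.argv[1], "rb") as handle:
        data = handle.read()
    print(sha256_fingerprint(data))
    sys.exit(0 if matches_expected(data, sys.argv[2]) else 1)
```

A non-zero exit status means the file is not the certificate the LDAP administrator vouched for and should not be added to the truststore.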
You can verify the LDAP configuration and obtain your LDAP certificate by using a third-party LDAP browser tool, such as JXplorer.
- Download JXplorer.
- In JXplorer, select File > Connect. Enter the details for LDAP host, port, security level for connection, User DN, and password. Click OK.
- Add the certificate to your trusted keystore.
- Select Security > Trusted Servers and CAs. Select the certificate and click View Certificate. Click Copy to File.
If you encounter errors, there is either a problem with the parameters that you provided for the connection, or with the LDAP configuration itself.
If the list of users on the LDAP server changed, you can synchronize the LDAP server and UFT Mobile using the SYNC button.
To synchronize the users:
- In the UFT Mobile Lab console, open the Administration view.
- Select the USERS tab.
- Click the SYNC button to begin the synchronization from the LDAP server. It adds the new users to the user list. Wait for the synchronization to complete and for UFT Mobile to issue a message that the synchronization has succeeded.
Tip: By default, synchronization does not remove users that no longer exist on the LDAP server. To remove all obsolete users during a synchronization, set the Remove users when synching option to Yes on the Admin Settings > LDAP integration page.