Plan for LDAP (on-premises)
This topic describes how ALM Octane works with LDAP for user management so you can plan accordingly.
Once you configure LDAP user management, you cannot return to native, internal user management.
ALM Octane does not support the management of both LDAP and native, internal users simultaneously.
Native, internal users will not be able to log into ALM Octane after LDAP is configured. You have to include or import them as LDAP users. Therefore, we recommend that you deactivate these users after LDAP configuration.
ALM Octane authenticates LDAP users when they log in.
When logging into ALM Octane, the LDAP user enters the name and password.
ALM Octane looks up the name in its list of LDAP users.
ALM Octane locates the corresponding LDAP dn for the LDAP user.
ALM Octane locates the user using the mapping settings defined in Settings > Site > Servers under the LDAP Configuration section. For details, see Set up LDAP (on-premises).
ALM Octane locates the user in LDAP by dn to see if the user is authenticated.
You manage your users using your organization's LDAP system.
However, you use one of the following methods to take the details about existing users in your LDAP system and import them into ALM Octane:
|Export and import||Export LDAP users to a .csv file, and then import the .csv file using ALM Octane settings. See Import LDAP users into ALM Octane. This is useful for first-time LDAP configuration, when you have many LDAP users to add to ALM Octane at one time.|
|Add users from LDAP||Add LDAP users in the ALM Octane Settings area. This is useful for adding LDAP users periodically, without having to re-export and re-import. See Set up LDAP (on-premises).|
You can create an LDAP user using the REST API by posting the user with certain LDAP attributes.
You cannot use the REST API to import existing LDAP users from a .csv file. You can only create new ones manually that represent the details of the existing users in the LDAP system.
For details about using the REST API to create users,
Learn how your LDAP users will map to existing users in ALM Octane, if any exist.
How ALM Octane determines a match
ALM Octane compares the following details of each imported LDAP user to the existing user information in ALM Octane:
|LDAP User Attribute||ALM Octane User Field|
|The immutable LDAP UUID (universally unique ID)||uid|
|The logon name||Login Name (name field in REST API)|
See Mapping for a summary of how ALM Octane maps ALM Octane and LDAP attributes.
How ALM Octane handles a match
If either of these attributes matches, the imported LDAP user is considered existing.
ALM Octane updates the details of the existing, native ALM Octane user to those of the corresponding LDAP user.
What ALM Octane does when not able to match an LDAP user to an ALM Octane user
The imported LDAP user is considered new.
ALM Octane creates new users using the details of the corresponding LDAP users. New users are assigned to the default workspace with the pre-defined viewer role.
What ALM Octane does when not able to match any LDAP user
Because you cannot have a mix of users created with ALM Octane internal user management and users imported from LDAP, the non-LDAP ALM Octane users are unable to log in to ALM Octane. In this case, we recommend you manually deactivate these users. For details on deactivating users, see Assign roles and permissions.
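The matching rules above can be rehearsed against an LDAP export before the real import. The following is an added planning example, not ALM Octane code: the CSV column names, the sample users, exact (case-sensitive) string comparison, and checking uid before logon name are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample data. The "uid" and "name" columns follow the matching
# table above; the CSV layout and all values are hypothetical.
LDAP_EXPORT_CSV = """uid,name,email
1f0e-aaaa,jsmith,jsmith@example.com
1f0e-bbbb,mlee,mlee@example.com
1f0e-cccc,newhire,newhire@example.com
"""

EXISTING_OCTANE_USERS = [
    {"uid": "1f0e-aaaa", "name": "john.smith"},  # same uid, different logon name
    {"uid": None, "name": "mlee"},               # native user, same logon name
    {"uid": None, "name": "localadmin"},         # native user, absent from LDAP
]


def plan_import(ldap_csv, existing_users):
    """Classify each LDAP row as 'update' or 'create', and list existing
    users that no LDAP row matched (candidates for deactivation)."""
    by_uid = {u["uid"]: u for u in existing_users if u["uid"]}
    by_name = {u["name"]: u for u in existing_users}
    matched = set()
    plan = {"update": [], "create": [], "deactivate": []}

    for row in csv.DictReader(io.StringIO(ldap_csv)):
        # A match on either attribute marks the LDAP user as existing.
        # Assumption: uid is tried first, then logon name.
        hit = by_uid.get(row["uid"]) or by_name.get(row["name"])
        if hit is not None:
            matched.add(id(hit))
            # (existing logon name, LDAP logon name that replaces it)
            plan["update"].append((hit["name"], row["name"]))
        else:
            # Unmatched LDAP users are created as new users.
            plan["create"].append(row["name"])

    # Existing users with no LDAP counterpart cannot log in after the switch.
    plan["deactivate"] = [u["name"] for u in existing_users
                          if id(u) not in matched]
    return plan


if __name__ == "__main__":
    for action, users in plan_import(LDAP_EXPORT_CSV, EXISTING_OCTANE_USERS).items():
        print(action, users)
```

Matches made on logon name alone are worth reviewing before the import, because the existing account's details are replaced by those of the LDAP user.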
Mappings are configured in ALM Octane Settings. For details, see Field Mapping.
|Mapping||Field in ALM Octane UI||Field in ALM Octane Settings UI for mapping||ldap.conf field for mapping||Field in ALM Octane REST API||In LDAP||Example|
|Immutable, universally-unique identifier||uid||UID||uid||uid||UUID||entryUUID in OpenLDAP|
|Unique identifier across all ALM Octane users||Login Name field||Logon name||logon-name||name||Logon Name|