LDAP system parameters

The following table describes the LDAP system parameters, which enable you to authenticate Control-M/EM users with the LDAP protocol, as described in Defining LDAP system parameters.

Field

Description

LDAP Directory Server Type

Determines which LDAP configuration is used for authentication.

The values in the drop-down list are taken from the DirectoryServiceType.cfg configuration file located in the ctm_em/etc directory. This file contains the names of the default types used by the system parameters, including a set of default parameters that define the standard configuration of the specific type. For more information, see DirectoryServiceType.cfg parameters.

LDAP Directory Search User

Defines the name of the user that runs the search action for users that log on. For example, cn=admin,dc=company,dc=us,dc=com.

If this field is not defined, then the LDAP Directory Search Base field must have a value.

LDAP Directory Search Password

Defines the password of the user specified in the LDAP Directory Search User field. The value of this field can be left blank if the Search user does not have a defined password.

Transmission Protocol

Determines which of the following transmission protocols LDAP uses to connect to Control-M/EM:

  • TCP
  • SSL

BMC recommends that you configure the SSL mode between Control-M/EM clients and Control-M/EM servers before you define the LDAP system parameters, as described in Introduction to SSL for Control-M.

Server Host Name and Port

Defines the host name and port number of the computer where the LDAP Directory Server is located.

It is not mandatory to set the port value for this system parameter. If the port is left blank, the default value 389 (or 636 for SSL communication) is used.

Multiple active directory servers can also be defined. This enables Control-M/EM to perform authentication against backup active directory servers when the primary server is unavailable.

LDAP Directory Search Base

Defines the starting domain name for the user search in the directory tree structure. For example, sales.company.us.com or dc=sales,dc=company,dc=us,dc=com.

This field must have a value if the LDAP Directory Search User field is left blank. Otherwise the default value is the domain where the search user is located.
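
The rules in the table above (the Search User / Search Base dependency, the default ports 389 and 636, and backup servers) can be checked before the values are entered. The following Python check is an added example, not BMC code; the dictionary keys and the host[:port] list form are assumptions for illustration, not Control-M/EM parameter names or syntax.

```python
# Added example. Key names and the "host[:port]" list form are assumptions
# for illustration; they are not Control-M/EM parameter names or syntax.
DEFAULT_PORT = {"TCP": 389, "SSL": 636}  # defaults stated in the table

def resolve_servers(servers, protocol):
    """Return (host, port) pairs, filling a blank port from the protocol."""
    resolved = []
    for entry in servers:
        host, _, port = entry.strip().partition(":")
        if not host:
            raise ValueError(f"missing host name in {entry!r}")
        resolved.append((host, int(port) if port else DEFAULT_PORT[protocol]))
    return resolved

def review_ldap_settings(cfg):
    """Return (resolved servers, findings) for one set of LDAP parameters."""
    protocol = cfg.get("protocol", "").upper()
    if protocol not in DEFAULT_PORT:
        raise ValueError("Transmission Protocol must be TCP or SSL")
    findings = []
    search_user = cfg.get("search_user", "").strip()
    if not search_user and not cfg.get("search_base", "").strip():
        findings.append("ERROR: Search Base is required when Search User is blank")
    if search_user and not cfg.get("search_password"):
        # A DN with an empty password is an unauthenticated bind (RFC 4513).
        findings.append("WARN: Search User is set but its password is blank")
    servers = resolve_servers(cfg.get("servers", []), protocol)
    if not servers:
        findings.append("ERROR: no LDAP server defined")
    elif len(servers) == 1:
        findings.append("INFO: single server, no backup if it is unavailable")
    if protocol == "TCP":
        findings.append("WARN: TCP means no SSL protection for credentials in transit")
    other = DEFAULT_PORT["SSL" if protocol == "TCP" else "TCP"]
    for host, port in servers:
        if port == other:
            findings.append(f"WARN: {host}:{port} is the other protocol's default port")
    return servers, findings

# Constructed sample values (the DN is the page's own example).
SAMPLE = {
    "protocol": "TCP",
    "search_user": "cn=admin,dc=company,dc=us,dc=com",
    "search_password": "",
    "search_base": "",
    "servers": ["ldap1.example.com", "ldap2.example.com:636"],
}

if __name__ == "__main__":
    print("\n".join(review_ldap_settings(SAMPLE)[1]))
```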
