Thanks for the update, Antonio.
Original Message:
Sent: 4/15/2024 7:21:00 AM
From: Antonio Gadelha
Subject: RE: LDAP - How to implement Dynamic Groups?
Hi,
Originally, we thought that associating Active Directory groups with AIOps groups should be implemented using Dynamic Groups.
But, we were wrong.
The solution is to use Assigned Group instead of Dynamic Group.
With the invaluable support of Santhi Kumar (IBM Support), we found a solution, much simpler than we thought, to our problem.
We would like to thank everyone who helped us, especially Sahnthi Kumar, to clarify our doubts.
Good luck for all of us !!!
------------------------------
Antonio Gadelha
------------------------------
Original Message:
Sent: Fri April 12, 2024 07:51 AM
From: Antonio Gadelha
Subject: LDAP - How to implement Dynamic Groups?
We are trying to configure Dynamic Groups in AIOps.
LDAP Server is Microsoft Active Directory.
We defined four new groups in AD:
- GRP_NETCOOL-AIOPS_PROJECT,
- GRP_NETCOOL-AIOPS_OPERATION,
- GRP_NETCOOL-AIOPS_DEVELOPMENT and
- GRP_NETCOOL-AIOPS_AUTOMATION.
The idea is to concentrate on AD both authentication and the definition of groups that define authorization information, that is, using these groups to dynamically define permissions for users who authenticate in LDAP.
For example, GRP_NETCOOL_AIOPS_OPERATION will have the equivalent privileges as the AIOps Application Operator.
Unfortunately, the documentation on how to define a dynamic group is poor and does not present examples of how to carry out this type of definition.
The question is how to configure dynamic groups so that AIOps permissions are assigned to users who log into AIOps?
We want to avoid pre-registering users in AIOps with possible permissions.
Thanks in advance for any suggestions.
------------------------------
Antonio Gadelha
------------------------------