Db2

 View Only

  • 1.  Multiple LDAP user groups !?

    Posted Fri November 27, 2020 09:10 AM
    Edited by System Test Fri January 20, 2023 04:38 PM
    Hi Team

    At Amex,  we  are evaluating upgrading from DSM to DMC 3.1.3.   As of now,  it seems to have the features we need. 

    We currently have DSM integrated with their ADS domain,  and we use the advanced LDAP settings on DSM ,  to allow multiple user groups , like bellow: 

    DSM ldap setting: 
    ldap.groups.user=cn=grp1,OU=PRCRole,OU=ISOMgmt,OU=SecurityGroups,OU=Process,DC=xxx,DC=xxx,DC=xxx;cn=grp2,OU=PRCRole,OU=ISOMgmt,OU=SecurityGroups,OU=Process,DC=xxx,DC=xxx,DC=xxx;CN=grp3,OU=PRCRole,OU=ISOMgmt,OU=SecurityGroups,OU=Process,DC=xxx,DC=xxx,DC=xxx;cn=gpr4,OU=SecurityGroups,OU=Process,DC=xxx,DC=xxx,DC=xxx​

    When trying the same on DMC,  we are unable to specify multiple groups in the console,  separating them by ;  It does not complain during the setup,  but fails when someone tries to authenticate. 

    Error: Encounter errors when performing search group entry in LDAP. 

    If we go back,  and specify only one single group, then it works fine.  But this does not works for us..   as we need to allow multiple groups to becomes users on DMC console.  (big enterprise with hundreds os DBAs) 


    Please,  how can we setup multiple LDAP groups on DMC ? 

    This is really a show stopper for us.  We can't even further evaluate the product without it, as more than 80% of the users would loose their access to the product.  :-( 

    Regards



    ------------------------------
    Samuel Pizarro
    ------------------------------
    #Db2


  • 2.  RE: Multiple LDAP user groups !?

    Posted Wed December 02, 2020 04:50 PM
    Hello Samuel,
     
    This is a known limitation also described in DMC KC: https://www.ibm.com/support/knowledgecenter/en/SS5Q8A_3.1.x/com.ibm.datatools.dsweb.ots.security.doc/topics/Confldapgroupinfo.html

    We will open internal git issue to track this gap.  Thanks.

    ------------------------------
    Jason Sizto
    ------------------------------

    Original Message


  • 3.  RE: Multiple LDAP user groups !?

    Posted Wed August 14, 2024 10:34 AM

    Hello Jason,

    Is this limitation of configuring only a single ldap group in DMC still applicable for DMC version 3.1.12 . Could you please confirm.

    Regards,

    Ashish Mondal



    ------------------------------
    Ashish Kumar Mondal
    ------------------------------

    Original Message


  • 4.  RE: Multiple LDAP user groups !?

    Posted Mon August 19, 2024 09:16 AM

    Hello Ashish,

    Unfortunately the limitation still exists in V3.1.12.



    ------------------------------
    Cintia Ogura
    ------------------------------

    Original Message


  • 5.  RE: Multiple LDAP user groups !?

    Posted Mon August 19, 2024 10:10 AM

    Hello Cintia,

    Thanks for your confirmation. Could you please let me know if this enhancement is in the pipeline or we should expect this anytime soon. Any idea .

    Regards,

    Ashish Mondal



    ------------------------------
    Ashish Kumar Mondal
    ------------------------------

    Original Message


  • 6.  RE: Multiple LDAP user groups !?

    Posted Tue August 20, 2024 03:46 AM

    Hi,

    A work around for this limitation would be to configure the repository database to be authenticated using the LDAP you want.
    Then you can add multiple groups under "Console Administrator Groups", "Database Administrator Groups" and "Database User Groups"
    The groups needs to be separated by pipe(|).

    By this method you'll still be authenticated using the LDAP. "Authentication type" in DMC will be "Repository".
    Please try and let me know if that works for you.

    Regards,
    Bujji



    ------------------------------
    Bujji Phanikiran V
    ------------------------------

    Original Message