cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

LDAP : how to insert new LDAP users automaticaly to dt existing local group

Hello community,

On first hand, i have created a group called USER, with management role = User

and I want all my users be in that Group.

On an other hand, I have configure LDAP authentication. It works fine.

==> Each time a new user connects, it is created and appears on one new line in the "Users Accounts" tab in Settings / dynaTrace Server ... / Users.

But ...

Presently, when a new LDAP user connects for the first time, its account is created but none GROUP is affected : Only "-" appears in its Groups cell, on its line.

I would like it would be affected automatically to my USER group.

How to get this operate ... if this is possible ?

Thanks in advance

Regrads

P.SARGNON

Remark :

I have search in the online doc how to configure LDAP Authentication.

To make it operate correctly, I have appended in the dtserver.ini the 2 following lines :

-Dcom.dynatrace.diagnostics.includePrimaryGroupForLDAPActiveDirectory=false

-Dcom.dynatrace.diagnostics.strictLDAPAuthentication=false

7 REPLIES 7

jean_louis_lorm
Dynatrace Pro
Dynatrace Pro

Hello Philippe,

Could you add a screen shot please of the LDAP configuration?

Regards,

JLL

Sorry, this is not possible.

There are confidential data.

Regards.

PS

rmk : Ldap is not the Pb : Authentication is working fine.

Users are added correctly. What i want is just they could be added in my existing USERS dT group ... by default. but presently they are not and any new user is affected to NONE group.

I have the same question as well.

amohammad
Organizer

Hi,

You have to create same group in dynaTrace server "Groups" as the following .

1- Groups --> Create

2- select group by press "Select LDAP Group" , it should marked as "LDAP Group" automatically .

3- grants system profiles and dashboard for this group as you want .

i hope this information solved your issue

@username

Regards

Abdel Mohsen

laurent_izac
Dynatrace Helper
Dynatrace Helper

Hi,

as Abdel stated, your users must belong to an existing LDAP/AD group for them to be automatically a member of that group in Dynatrace.

So you'll have to find (or set) in LDAP/AD a default group that all your users belong to.

Then, you'll have to specify that group in Dynatrace and give it the same rights as the internal "Users" group (as stated by Abdel)

jgillotti
Guide

I have the same experience - I want to specify a default group to each new user. Please help - this has to be possible

kurt_aigner
Dynatrace Pro
Dynatrace Pro

Hi John,
There was no real change on the LDAP side of the house. Abdels's and Laurent's answers are still the way how to achieve that.

What's new and might be a smart way of central user management is our new SSO support based on SAML 2, which allows you to use our own IdP for identification.

This feature is in beta (fully supported, but no UI) in our current version AppMon 2017 May and will be completely done in our upcoming release, where the EAP start end of October.

Here is the link how to configure it.

But also with this approach, you would need to grant permissions based on groups. The identification provider (= your IdP) must send a group name which has a matching group on the AppMon Server side. The user permissions are then based on that matching group.

Hope this helps.

Kurt