cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LDAP mapping: how to allow user to log in without group verification

rafael_portola1
Dynatrace Participant
Dynatrace Participant

Is there something to setup in order to allow users to log in without verification of a group membership in LDAP ?

With appmon it was possible by adding the following to

<DT_HOME>/dtserver.ini:
-Dcom.dynatrace.diagnostics.strictLDAPAuthentication=false

But with SaaS and Managed ?

Thanks !

5 REPLIES 5

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Rafael, the first question is why would you need it? It's tough to answer without a use case. This question actually relates only to Dynatrace Managed - as you cannot set up LDAP for Dynatrace SaaS.

Anyway, we don't have such special configuration to ignore groups. We just simply do not need that, as we have LDAP configuration wizard where you can set up how the mapping between LDAP groups and users has to look like. More details see here:

https://www.dynatrace.com/support/help/dynatrace-m...

Senior Technical Product Manager,
Dynatrace Managed expert

rafael_portola1
Dynatrace Participant
Dynatrace Participant

Hi Radoslaw, sorry for my late answer.
To keep you posted, we didn't found the solution, this is a managed instance for sure.
With the Dynatrace wizard you have to setup the Group mapping, this is mandatory.
In the current situation there is no group usage in the current LDAP used by my customer.
They only would like to retrieve the LDAP users and map them to local Dynatrace goups, in fact exactly like in Appmon using the strictLDAPAuthentication=false propertie.

It seems we are not able to do that for the time being..

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader


OK. So we are on the same page - such configuration is not possible, currently. Mainly because we map


monitoring environment roles to the groups from a user directory.


I'd rather recommend to set a basic group (e.g. dynatrace) in LDAP rather than customize Dynatrace software for that peculiarly case. In case that is no go, feel free to submit a product idea in the forum.

Senior Technical Product Manager,
Dynatrace Managed expert

Arnaud_GERMAIN
Organizer

Hi,

have you plan to take account this fonctionnality to ignore groups like AppMon ? It is actually a big limitation with Dynatrace (Ruxit)...

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Not on the road map currently. Please submit product idea.

Senior Technical Product Manager,
Dynatrace Managed expert