It's all about the answers!

Ask a question

User handling using RAM API (with LDAP Registry)?


Abhinav Ajmera (22113020) | asked May 11 '11, 6:06 a.m.
I have more than 200 types user groups (one per application), each user group is been given access to a specific role (hence total 200 roles, each with restriction to update their application only and consume all).

Now each group have more than 15 individual users.

So to manually search and add (LDAP registry) these users in particular group from GUI is too too time consuming.

And I dont see any such method in API to search user from LDAP registry, and add him/her to specific group.

The approach I was thinking to add all users (from ldap registry who need access to RAM to specific role) in a excell with role and/or group name (role and/or group name i can create manually or even if the automation is available using some of the api method) and do a batch update.

Please let me know if above can be achieved using RAM API.

Thanks

3 answers



permanent link
Rich Kulp (3.6k38) | answered May 11 '11, 2:22 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
I'm still confused. You said you want to have users in groups. LDAP can
supply both users and groups of users.

1) Create groups in LDAP, put the users into the appropriate groups in LDAP.
2) Bind the user group in RAM to the group in LDAP.
3) Assign the user group the appropriate role(s).

Now just add/remove users in the LDAP groups and the next time RAM
synchronizes with LDAP (by default every Saturday) the RAM user groups
will be matched up with the LDAP user group.

The reason I'm saying this is because it may be easier working with LDAP
for many user and groups then with RAM.


--
Rich Kulp
Rational Asset Manager developer

permanent link
Abhinav Ajmera (22113020) | answered May 11 '11, 12:21 p.m.
Thanks Rich.

But my problem is not related to adding the users to RAM. Let me rephrase my query.

I already have LDAP group binding done, hence I have all the users already available in RAM. Now the question comes to assign/restrict access for them to appropriate asset type.

And for giving them appropriate access, I am performing steps given in last post manually.

So to summarize, I have all the possible users available in RAM from LDAP, now I have to put them in different user group to apply different type of user roles.


It would be easier to not individually add and remove users in RAM.

You can use LDAP group binding instead. Define the groups in LDAP and
then let RAM keep in sync with those groups.

--
Rich Kulp
Rational Asset Manager developer

permanent link
Rich Kulp (3.6k38) | answered May 11 '11, 9:32 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
It would be easier to not individually add and remove users in RAM.

You can use LDAP group binding instead. Define the groups in LDAP and
then let RAM keep in sync with those groups.

--
Rich Kulp
Rational Asset Manager developer

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.