LDAP Support
You can delegate Controller Tenant UI authentication and authorization to external directory servers that comply with LDAP (Lightweight Directory Access Protocol) version 3.
While a Controller Tenant should be able to work with any LDAPv3-compliant server, these LDAP products have been verified:
- Microsoft Active Directory for Windows Server 2008 >= SP2
- OpenLDAP >= 2.4
To configure LDAP authentication on a Splunk AppDynamics Controller Tenant, you must configure connection settings to the LDAP server and the queries that return user or group data. By mapping LDAP groups to roles, you can provision permissions in the Controller Tenant based on LDAP groups.
Possible Issues and Resolutions
| Issue | Resolution |
|---|---|
| The LDAP Server becomes unavailable | If the LDAP server configured for Controller Tenant authentication becomes unavailable for any reason, the Controller Tenant falls back to local user authentication. Given this possibility, you should provision local user accounts in Splunk AppDynamicsfor the administrative users who will need access if the LDAP server becomes unavailable. |
| The user cannot be found in the LDAP directory | If a user cannot be found in the LDAP directory, the authentication failure event is logged as a warning. The user, whether a regular Controller Tenant user or a REST client user, may still be authenticated through local authentication. |