VMware Cloud Community
FSvcoe
Enthusiast

LDAP vs. SSO for Orchestrator

So after switching authentication to SSO from LDAP, all of the group names that have been granted permissions now display a '?' instead of the AD group name. I've seen this behavior before, when groups were moved to a different location within AD; however, you can always search and re-add them from the new location.

This time, nothing shows up when typing in the filter box, which seems to indicate it's unable to look anything up properly. Does anyone have an idea on what might be missing? I was able to add our group to the '

This is for version 5.5.0 build 1281930, thanks.

igaydajiev
VMware Employee

Question marks in the Permissions page are kind of expected, since those permissions were actually entities from the LDAP server and vCO cannot match them to the SSO groups.

I would suggest deleting them since they can decrease vCO performance.

About the search in SSO: it can be quite slow sometimes.

Try providing more than 3 characters in the search box and wait a bit... or better, get a coffee and wait a bit more.

FSvcoe
Enthusiast

Thanks, the problem is, I can't remove any access rights, I can only add them. I've tried logging in as myself, as well as the account we use to authenticate to AD. Any ideas?

igaydajiev
VMware Employee

When removing permissions, make sure you are editing the object where the permissions were set.

You can check this by looking at the "Owner" column. It should have the value "This object". If the value is "Parent", this means that the permission comes from a parent entity and you will be able to delete it only from there.

Note that some permissions are set on the "ROOT" level (the leftmost icon in the Run perspective - "My Orchestrator").

Also make sure that you are logged in to vCO with a user from the administrator's group.
