Remove Mapping Between Historian UAA Groups and LDAP Groups

About this task

If you want to stop users from an LDAP group from using Historian Web-based Clients, you can remove the mapping between the UAA group of Historian and LDAP. If you want to stop integration between the Historian UAA and LDAP altogether, you must remove the mapping for all the groups of the UAA instance.

Procedure

  1. Double-click the UAA IdP Configuration tool icon (), and log in the UAA client ID and secret.
    Tip: By default, this icon appears on the desktop after you install Web-based Clients.
    The Identity Providers page appears.
  2. Select the Map Existing UAA Groups check box.
  3. In the UAA Connection section, provide values as specified in the following table.
    Box Description
    URL Enter the authorization server URL of the LDAP server. For example: https://localhost/
    Client ID Enter the UAA server client ID. The default value is admin.
    Client Secret Enter the client secret value that you provided in the User Account and Authentication Service page while installing Web-based Clients. If you use an external UAA, enter the client secret of the external UAA.
  4. Select Test.
    If connection to the UAA server is established, a message appears, confirming the same.
  5. In the LDAP Connection section, provide values as specified in the following table.
    Box Description
    URL Enter the base URL of the LDAP server (for example, ldap://localhost).
    Bind User DN Enter the distinguished name of the bind user (for example, cn=admin,ou=Users,dc=test,dc=com).
    Password Enter the password for the LDAP user ID that searches the LDAP tree for user information.
    User Search Filter Enter the starting point for the LDAP user search in the directory tree (for example, dc=developers,dc=com).
    User Search Base Enter the subdirectories to include in the search (for example, cn={0}).
    Group Search Filter Enter the starting point for the LDAP group search in the directory tree (for example, ou=scopes,dc=developers,dc=com).
    Group Search Base Enter the subdirectories to include in the search (for example, member={0}).
  6. Select Test, and then select Submit.
    If connection to the LDAP server is established, a message appears, confirming the same.
  7. Select Test again, and then select Continue.
    In the LDAP Mapping section, the drop-down list box contains a list of groups in Historian UAA. In the Filter box, a list of LDAP groups appears.
  8. In the drop-down list box, select the Historian UAA group whose mapping you want to remove.
    In the Filter box, check boxes for the UAA groups that are mapped to the selected Historian UAA group are selected.
  9. In the Filter box, clear the check boxes corresponding to the LDAP groups for which you want to remove the mapping.
  10. Select Map Members.
    The mapping between the UAA groups of Historian UAA and LDAP is removed.
  11. Repeat steps 8 through 10 for all the Historian UAA groups for which you want to remove the mapping.

Results

Mapping between the UAA Groups of Historian and LDAP has been removed.