Remove Mapping Between Operations Hub UAA Groups and LDAP Groups

About this task

If you want to stop users from an LDAP group from using Operations Hub, you can remove the mapping between the UAA group of Operations Hub and LDAP. If you want to stop integration between the Operations Hub UAA and LDAP altogether, you must remove the mapping for all the groups of the UAA instance.

Procedure

  1. Double-click .
    Tip: By default, this icon appears on the desktop after you install Operations Hub.
    The UAA/LDAP Connectivity Tool page appears.
  2. Select the Map Existing LDAP Groups check box.
  3. In the UAA Connection section, provide values as specified in the following table.
    Important: The values that you provide in this step must match the values that you provided in the User Authentication and Authorization Service page while installing Operations Hub. These values are required to connect to the Operations Hub UAA. Operations Hub works only with a single instance of UAA, which is specified during Operations Hub installation. After installation, you cannot change the instance of UAA that Operations Hub will use.
    BoxDescription
    URLEnter the authorization server URL of the Operations Hub UAA that you specified in the UAA Base URL box during installation (for example, https://localhost).

    If referencing Historian 7.x UAA, then use a url of https://Historian7x:8443; if referencing Historian 8.x then use a URL of https://Historian8x (no port number). The port numbers reflect the default port numbers for Historian. If ports were customized, then use the selected port.

    Client IDEnter the client ID of the Operations Hub UAA server that you specified in the Admin Client ID box during installation.
    Client SecretEnter the client secret configured for the OAuth client that you specified in the Admin Client Secret box during installation.
  4. Select Test.
    If connection to the UAA server is established, a message appears, confirming the same.
  5. In the LDAP Connection section, provide values as specified in the following table.
    BoxDescription
    URLEnter the base URL of the LDAP server (for example, https://localhost).
    Bind User DNEnter the distinguished name of the bind user (for example, cn=admin,ou=Users,dc=test,dc=com).
    PasswordEnter the password for the LDAP user ID that searches the LDAP tree for user information.
    User Search FilterEnter the starting point for the LDAP user search in the directory tree (for example, dc=developers,dc=com).
    User Search BaseEnter the subdirectories to include in the search (for example, cn={0}).
    Group Search FilterEnter the starting point for the LDAP group search in the directory tree (for example, ou=scopes,dc=developers,dc=com).
    Group Search BaseEnter the subdirectories to include in the search (for example, member={0}).
  6. Select Test, and then select Submit.
    If connection to the LDAP server is established, a message appears, confirming the same.
  7. Select Test again, and then select Continue.
    In the LDAP Mapping section, the drop-down list box contains a list of groups in Operations Hub UAA. In the Filter box, a list of LDAP groups appears.
  8. In the drop-down list box, select the Operations Hub UAA group whose mapping you want to remove.
    In the Filter box, check boxes for the UAA groups that are mapped to the selected Operations Hub UAA group are selected.
  9. In the Filter box, clear the check boxes corresponding to the LDAP groups for which you want to remove the mapping.
  10. Select Map Groups.
    The mapping between the UAA groups of Operations Hub UAA and LDAP is removed.
  11. Repeat steps 8 through 10 for all the Operations Hub UAA groups for which you want to remove the mapping.

Results

Mapping between the UAA Groups of Operations Hub and LDAP has been removed.