Assigning Administrative Privileges to LDAP Groups

Because ALBPM has read-only access to LDAP information, permissions for the ALBPM Administrator are not stored as part of the group or participant data within LDAP. To grant ALBPM administration privileges to LDAP groups, you must add the permission information directly to the directory database.

Note: The following task describes procedures for adding ALBPM administrative access to LDAP groups by editing the directory service database. In general, however, you should never update the directory service or engine databases manually unless directed by ALBPM technical support.
  1. Ensure that you have created an LDAP group containing participants who will have ALBPM administrator privileges.
  2. Add a row to the FUEGO_STRPROPS table of the directory service database.
    Note: You must add one row to the FUEGO_STRPROPS table for each LDAP group you want to have ALBPM administrator privileges.
    The specific columns you must define are:

    Column     Value
    owner      null
    category   FDI_PREFS
    key        FUEGO_ADMINISTRATORS_PARTICIPANTS_GROUPS_DN.0
               If you are adding multiple groups, change the trailing 0 to 1 .... n depending on the number of groups you are adding.
    value      DN
               The distinguished name (DN) is the value of the group in your LDAP server. For example, CN=Guests,CN=Builtin,DC=server,DC=vmware,DC=fuegolabs,DC=com

After you have added this row to the directory database,

SQL Statement for Adding ALBPM Administrator Access in a Hybrid Directory Service

                -- Grants ALBPM administrator access to one LDAP group.
                -- The DN must be a single-line string literal: a line break
                -- inside the quotes would be stored as part of the DN.
                insert into DIR6WMAD2.FUEGO_STRPROPS (FUEGO_MODIFIER,
                FUEGO_CRTIME,
                FUEGO_STRVALUE,
                FUEGO_CATEGORY,
                FUEGO_KEY,
                FUEGO_OWNER,
                FUEGO_CREATOR,
                FUEGO_MOTIME) values (
                'Administrator',
                SYSDATE,
                'CN=group1,OU=groups,DC=server,DC=vmware,DC=fuegolabs,DC=com',
                'FDI_PREFS',
                'FUEGO_ADMINISTRATORS_PARTICIPANTS_GROUPS_DN.0',
                'dir6wmad2.fuego_participant-fuego_in-1',
                'Administrator',
                SYSDATE);
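
Rows added by this procedure grant ALBPM administrator access from outside LDAP, so they are worth reviewing after every change. The queries below are an added example, not part of the original ALBPM documentation; they assume an Oracle directory database and reuse the DIR6WMAD2 schema name and column names from the statement above.

```sql
-- 1. List every LDAP group DN that currently carries ALBPM administrator
--    access, with who created or last modified the row and when.
--    The underscores are escaped so LIKE treats them literally.
SELECT FUEGO_KEY,
       FUEGO_STRVALUE AS GROUP_DN,
       FUEGO_OWNER,
       FUEGO_CREATOR,
       FUEGO_CRTIME,
       FUEGO_MODIFIER,
       FUEGO_MOTIME
  FROM DIR6WMAD2.FUEGO_STRPROPS
 WHERE FUEGO_CATEGORY = 'FDI_PREFS'
   AND FUEGO_KEY LIKE 'FUEGO\_ADMINISTRATORS\_PARTICIPANTS\_GROUPS\_DN.%' ESCAPE '\'
 ORDER BY FUEGO_KEY;

-- 2. Flag DNs that contain a line break or leading/trailing whitespace,
--    which is what a string literal split across two lines produces.
SELECT FUEGO_KEY,
       FUEGO_STRVALUE AS GROUP_DN
  FROM DIR6WMAD2.FUEGO_STRPROPS
 WHERE FUEGO_CATEGORY = 'FDI_PREFS'
   AND FUEGO_KEY LIKE 'FUEGO\_ADMINISTRATORS\_PARTICIPANTS\_GROUPS\_DN.%' ESCAPE '\'
   AND (   INSTR(FUEGO_STRVALUE, CHR(10)) > 0
        OR INSTR(FUEGO_STRVALUE, CHR(13)) > 0
        OR FUEGO_STRVALUE <> TRIM(FUEGO_STRVALUE));

-- 3. Flag keys that appear on more than one row; each group is expected
--    to have its own trailing index (.0, .1, ... n).
SELECT FUEGO_KEY,
       COUNT(*) AS ROW_COUNT
  FROM DIR6WMAD2.FUEGO_STRPROPS
 WHERE FUEGO_CATEGORY = 'FDI_PREFS'
   AND FUEGO_KEY LIKE 'FUEGO\_ADMINISTRATORS\_PARTICIPANTS\_GROUPS\_DN.%' ESCAPE '\'
 GROUP BY FUEGO_KEY
HAVING COUNT(*) > 1;
```

Compare the output of the first query against the list of groups that are approved to hold ALBPM administrator access; any DN that is not on that list should be investigated.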