Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Consolidated Management 2/Network Node Manager i Setup Guide


10.2.3 Task 3: Configure user access from the directory service

Complete this task to configure access for the mixed mode or the external mode. Follow the appropriate procedure for your directory service. This task includes the following subsections:

For details about configuration instructions, see 10.4.4 User identification.

(1) Simple approach for Microsoft Active Directory

  1. Back up the ldap.properties file that was shipped with NNMi, and then open the file in any text editor.

  2. Overwrite the file contents with the following text:

    java.naming.provider.url=ldap://my-ldap-server:389/
     
    bindDN=my-domain\\my-user-name
    bindCredential=my-password
     
    baseCtxDN=CN=Users,DC=my-company-name,DC=my-suffix
    baseFilter=CN={0}
     
    defaultRole=guest
     
    #rolesCtxDN=CN=Users,DC=my-company-name,DC=my-suffix
     
    roleFilter=member={1}
    uidAttributeID=member
    userRoleFilterList=admin;level2;level1

  3. Specify the URL for accessing the directory service.

    The text shown in step 2 contains the following line:

    java.naming.provider.url=ldap://my-ldap-server:389/

    Replace my-ldap-server with the fully-qualified host name of the Active Directory server (for example: myserver.example.com).

    You can specify multiple directory service URLs by delimiting them with a single space character ( ).

  4. Specify credentials for a valid directory service user.

    The text shown in step 2 contains the following lines:

    bindDN=my-domain\\my-user-name
    bindCredential=my-password

    Make the following substitutions:

    • Replace my-domain with the NetBIOS name of the Active Directory domain.

    • Replace my-user-name and my-password with a user name and password for accessing the Active Directory server. Because passwords are saved in plain text, specify a user name that has read-only access to the directory service.

  5. Specify the portion of the directory service domain that stores user records.

    The text shown in step 2 contains the following line:

    baseCtxDN=CN=Users,DC=my-company-name,DC=my-suffix

    Replace my-company-name and my-suffix with the components of the fully-qualified host name of the Active Directory server (for example, for the host name myserver.example.com, specify: DC=example,DC=com).
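
A lint for the file produced by steps 2 to 5, as an added example (not part of this guide or of NNMi): it flags template placeholders left in place, a server host name that is not fully qualified, a bindDN that is not in domain\user form, and a baseCtxDN whose DC components do not follow the rule in step 5. The function names and the sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Placeholder tokens used by the template in step 2 of this procedure.
PLACEHOLDERS = ("my-ldap-server", "my-domain", "my-user-name",
                "my-password", "my-company-name", "my-suffix")

# Constructed sample of a completed file (all values are illustrative).
SAMPLE = r"""
java.naming.provider.url=ldap://myserver.example.com:389/
bindDN=EXAMPLE\\nnmi-ldap-reader
bindCredential=constructed-secret
baseCtxDN=CN=Users,DC=example,DC=com
baseFilter=CN={0}
"""

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#'/'!' comments, escaped backslash."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def lint(text):
    """Return a list of findings for an ldap.properties file built from the template."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        findings += [f"{key}: placeholder '{ph}' not replaced"
                     for ph in PLACEHOLDERS if ph in value]
    # Multiple URLs are delimited by a single space character.
    urls = props.get("java.naming.provider.url", "").split(" ")
    hosts = [urlsplit(u).hostname or "" for u in urls]
    for url, host in zip(urls, hosts):
        if "." not in host:
            findings.append(f"URL '{url}': host is not fully qualified")
    if not re.fullmatch(r"[^\\]+\\[^\\]+", props.get("bindDN", "")):
        findings.append("bindDN: expected NetBIOS-domain\\user")
    # Step 5 rule: myserver.example.com -> DC=example,DC=com
    dcs = [d.lower() for d in re.findall(r"DC=([^,]+)", props.get("baseCtxDN", ""), flags=re.I)]
    for host in hosts:
        if "." in host and host.split(".")[1:] != dcs:
            findings.append(f"baseCtxDN: DC components {dcs} do not match host '{host}'")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE) or "no findings")
```

Because bindCredential holds the password in plain text, run the check on the NNMi server itself rather than copying the file elsewhere.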

(2) Simple approach for other directory services

  1. Back up the ldap.properties file that was shipped with NNMi, and then open the file in any text editor.

  2. Specify the URL for accessing the directory service.

    The file opened in step 1 contains the following line:

    #java.naming.provider.url=ldap://my-ldap-server:389/

    Do the following:

    • Uncomment the line (by deleting the hash mark (#)).

    • Replace my-ldap-server with the fully-qualified host name of the directory server (for example: myserver.example.com).

      You can specify multiple directory service URLs by delimiting them with a single space character ( ).

  3. Specify the portion of the directory service domain that stores user records.

    The file opened in step 1 contains the following line:

    baseCtxDN=ou=People,o=myco.com

    Replace ou=People,o=myco.com with the portion of the directory service domain that stores user records.

  4. Specify the format of user names for signing in to NNMi.

    The file opened in step 1 contains the following line:

    baseFilter=uid={0}

    Replace uid with the user name attribute from the directory service domain.