12.1 NNMi user access information and configuration options

Together, the following items define an NNMi user:

• The user name uniquely identifies the NNMi user. The user name provides access to NNMi and receives incident assignments.

• The password is associated with the user name to control access to the NNMi console or NNMi commands.

• NNMi user group membership controls the information available and the type of actions that a user can take in the NNMi console. User group membership also controls the availability to the user of NNMi commands.

  Important

  If your device is SNMPv1 or SNMPv2c, note the following:

  SNMPv1 and SNMPv2c send their information packets in clear text.

  To secure your environment, use SNMPv3 or add protections, such as firewall controls, for the flow of SNMP traps and the collection of information from your devices.

NNMi provides several options for where the NNMi user access information is stored.

The following table shows the databases that store the NNMi user access information for each configuration mode.

Table 12‒1: Options for storing user information

Mode	User account	User group	User group membership
Internal (option 1)	NNMi	NNMi	NNMi
Mixed (option 2)	Mixed (account name in NNMi, account password in LDAP)	NNMi	NNMi
External (option 3)	Directory service	Both	Directory service

NNMi uses the Lightweight Directory Access Protocol (LDAP) to communicate with the directory service. One of the following modes shown in the table above must be used in order to use LDAP with NNMi:

• Mixed Mode (referred to originally as Option 2): Some NNMi user information is in the NNMi database and some NNMi user information is in a directory service

  When you use the mixed mode, you configure NNMi to store user names, user groups, and user group mappings in the NNMi database, and you rely on a directory service for user names and passwords (user account definitions). This means that account name information must be stored in both NNMi and LDAP. Account passwords, on the other hand, are stored only in LDAP.

• External Mode (referred to originally as Option 3): All NNMi user information is in the directory service

  When you use the external mode, there is no need to add user account information to NNMi, because you use LDAP to store all user account information.

Tip

NNMi's LDAP configuration file: In both the modes, NNMi retrieves the LDAP server information from a configuration file. You can use the ldap.properties file or nms-auth-config.xml file to specify the details of the LDAP server information.

To add new user accounts or to modify existing accounts when you use the mixed mode, you must select the Directory Service Account check box. When you are configuring user accounts, you must not select the Directory Service Account check box for some users and not select it for others (in effect, combining the internal, mixed, and external modes); doing so will result in an unsupported configuration.

Organization of this section

• 12.1.1 Internal mode: Storing all NNMi user information in the NNMi database

• 12.1.2 Mixed mode: Storing some NNMi user information in the NNMi database and some NNMi user information in a directory service

• 12.1.3 External mode: Storing all NNMi user information in a directory service

To Page Top