12.1 NNMi user access information and configuration options
Together, the following items define an NNMi user:
-
The user name uniquely identifies the NNMi user. The user name provides access to NNMi and receives incident assignments.
-
The password is associated with the user name to control access to the NNMi console or NNMi commands.
-
NNMi user group membership controls the information available and the type of actions that a user can take in the NNMi console. User group membership also controls the availability to the user of NNMi commands.
- Important
-
If your device is SNMPv1 or SNMPv2c, note the following:
SNMPv1 and SNMPv2c send their information packets in clear text.
To secure your environment, use SNMPv3 or add protections, such as firewall controls, for the flow of SNMP traps and the collection of information from your devices.
NNMi provides several options for where the NNMi user access information is stored.
The following table shows the databases that store the NNMi user access information for each configuration mode.
Mode |
User account |
User group |
User group membership |
---|---|---|---|
Internal (option 1) |
NNMi |
NNMi |
NNMi |
Mixed (option 2) |
Mixed (account name in NNMi, account password in LDAP) |
NNMi |
NNMi |
External (option 3) |
Directory service |
Both |
Directory service |
NNMi uses the Lightweight Directory Access Protocol (LDAP) to communicate with the directory service. One of the following modes shown in the table above must be used in order to use LDAP with NNMi:
-
Mixed Mode (referred to originally as Option 2): Some NNMi user information is in the NNMi database and some NNMi user information is in a directory service
When you use the mixed mode, you configure NNMi to store user names, user groups, and user group mappings in the NNMi database, and you rely on a directory service for user names and passwords (user account definitions). This means that account name information must be stored in both NNMi and LDAP. Account passwords, on the other hand, are stored only in LDAP.
-
External Mode (referred to originally as Option 3): All NNMi user information is in the directory service
When you use the external mode, there is no need to add user account information to NNMi, because you use LDAP to store all user account information.
- Tip
-
NNMi's LDAP configuration file: In both the modes, NNMi retrieves the LDAP server information from a configuration file. You can use the ldap.properties file or nms-auth-config.xml file to specify the details of the LDAP server information.
To add new user accounts or to modify existing accounts when you use the mixed mode, you must select the Directory Service Account check box. When you are configuring user accounts, you must not select the Directory Service Account check box for some users and not select it for others (in effect, combining the internal, mixed, and external modes); doing so will result in an unsupported configuration.
- Organization of this section