12.2.5 Task 5: (Configuring for the external mode only) Configure group retrieval from the directory service
Complete this task to configure group retrieval for the external mode. Follow the appropriate procedure for your directory service. This task includes the following subsections:
- Important
Do one of the following depending on your environment or configuration choice.
For details about configuration instructions, see 12.4.5 User group identification.
(1) Using the nms-auth-config.xml
- Go to the following directory:
- Windows: %NnmDataDir%nmsas\NNM\conf
- Linux: $NnmDataDir/nmsas/NNM/conf
- Take a backup of the nms-auth-config.xml file, and then open the file with a text editor.
- Modify the following elements:
- Tip
NNMi places a sample nms-auth-config.xml file in a different location, which you can use for reference.
The sample nms-auth-config.xml file is available in the following location:
- Windows: %NnmInstallDir%newconfig\HPOvNnmAS\nmsas\conf
- Linux: $NnmInstallDir/newconfig/HPOvNnmAS/nmsas/conf
You can also copy the entire <ldapLogin> element from the sample nms-auth-config.xml file, and then make the necessary modifications.
Table 12‒3: Elements of the ldapLogin Section of nms-auth-config.xml
- <roleSearch>
Placeholder element to include the user role information.
Specify the <roleSearch></roleSearch> setting only once. You cannot specify this setting more than once.
- <roleBase>member={1}</roleBase>
Replace member with the name of the group attribute that stores the directory service user ID in the directory service domain.
- <roleContextDN></roleContextDN>
Specify the portion of the directory service domain that stores group records.
The format is a comma-separated list of directory service attribute names and values.
For example:
  - For Active Directory: CN=Users,DC=ldapserver,DC=mycompany,DC=com
  - For other LDAP technologies: ou=Groups,o=example.com
- </roleSearch>
- Save the file.
- Run the following command:
nnmldap.ovpl -reload
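A check you can run on the edited file before the reload, written for this page as an added example (it is not part of NNMi or its documentation). It verifies the three rules from Table 12‒3: one <roleSearch>, a roleBase of the form attribute={1}, and a roleContextDN that is a comma-separated attribute=value list. The function name, the sample XML and the strict patterns are assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real NNMi installation; only the
# element names and values come from Table 12-3 above.
SAMPLE = """<ldapLogin>
  <roleSearch>
    <roleBase>member={1}</roleBase>
    <roleContextDN>CN=Users,DC=ldapserver,DC=mycompany,DC=com</roleContextDN>
  </roleSearch>
</ldapLogin>"""

# One "attribute=value" component of a DN (simplified: no escaped commas).
RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9.-]*\s*=\s*[^,=]+")
# Assumed strict form of roleBase: "<group attribute>={1}", e.g. member={1}.
ROLE_BASE = re.compile(r"[A-Za-z][A-Za-z0-9.-]*=\{1\}")

def local(tag):
    """Strip an XML namespace prefix such as '{urn:x}roleSearch'."""
    return tag.rsplit("}", 1)[-1]

def check_role_search(xml_data):
    """Return a list of problems found in the <roleSearch> settings."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return [f"file is not well-formed XML: {exc}"]
    searches = [e for e in root.iter() if local(e.tag) == "roleSearch"]
    if len(searches) != 1:
        return [f"expected exactly one <roleSearch>, found {len(searches)}"]
    children = {local(c.tag): (c.text or "").strip() for c in searches[0]}
    problems = []
    base = children.get("roleBase", "")
    if not ROLE_BASE.fullmatch(base):
        problems.append(f"roleBase {base!r} is not of the form attribute={{1}}")
    dn = children.get("roleContextDN", "")
    if not dn or not all(RDN.fullmatch(part) for part in dn.split(",")):
        problems.append(f"roleContextDN {dn!r} is not an attribute=value list")
    return problems

if __name__ == "__main__":
    # Pass the path to nms-auth-config.xml; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line in check_role_search(data) or ["roleSearch settings look consistent"]:
        print(line)
```

An empty result only means the settings are syntactically consistent; whether the DN and attribute exist in your directory still has to be confirmed after the reload.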
(2) Using ldap.properties
- Back up the ldap.properties file, and then open the file in any text editor.
- Uncomment the rolesCtxDN property.
- Set the property to the portion of the directory service domain that stores group records.
Examples:
- For Active Directory:
rolesCtxDN=CN=Users,DC=hostname,DC=example,DC=com
- For other LDAP:
rolesCtxDN=ou=Groups,o=example.com
- Save the file.
- Run the following command:
nnmldap.ovpl -reload