Hitachi

JP1 Version 11 JP1/Network Node Manager i Setup Guide


12.2.5 Task 5: (Configuring for the external mode only) Configure group retrieval from the directory service

Complete this task to configure group retrieval for the external mode. Follow the appropriate procedure for your directory service. This task includes the following subsections: (1) Using the nms-auth-config.xml and (2) Using ldap.properties.

Important

Do one of the following depending on your environment or configuration choice.

For details about configuration instructions, see 12.4.5 User group identification.

(1) Using the nms-auth-config.xml

  1. Go to the following directory:
    • Windows: %NnmDataDir%nmsas\NNM\conf
    • Linux: $NnmDataDir/nmsas/NNM/conf
  2. Take a backup of the nms-auth-config.xml file, and then open the file with a text editor.
  3. Modify the following elements:
    Tip

    NNMi places a sample nms-auth-config.xml file in a different location, which can be used for reference.

    The sample nms-auth-config.xml file is available in the following location:

    • Windows: %NnmInstallDir%newconfig\HPOvNnmAS\nmsas\conf
    • Linux: $NnmInstallDir/newconfig/HPOvNnmAS/nmsas/conf

    You can also copy the entire <ldapLogin> element from the sample nms-auth-config.xml file, and then make necessary modifications.

    Table 12‒3: Elements of the ldapLogin Section of nms-auth-config.xml

    <roleSearch>
      Placeholder element to include the user role information.
      Specify the <roleSearch></roleSearch> setting only once. You cannot specify this setting more than once.

    <roleBase>member={1}</roleBase>
      Replace member with the name of the group attribute that stores the directory service user ID in the directory service domain.

    <roleContextDN></roleContextDN>
      Specify the portion of the directory service domain that stores group records.
      The format is a comma-separated list of directory service attribute names and values.
      For example:
      • For Active Directory

        CN=Users,DC=ldapserver,DC=mycompany,DC=com

      • For other LDAP technologies

        ou=Groups,o=example.com

    </roleSearch>
  4. Save the file.
  5. Run the following command:
    nnmldap.ovpl -reload
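
The following check can be run against the edited file before the reload in step 5. It is an added example, not part of the Hitachi guide or of NNMi. It verifies the three points stated in Table 12‒3: a single <roleSearch>, a <roleBase> that keeps the {1} placeholder, and a <roleContextDN> that is a comma-separated list of attribute=value pairs. The sample XML is constructed from the elements on this page only, and treating an absent or empty element as a problem is this example's assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the elements named in Table 12-3; a real
# nms-auth-config.xml holds further settings that are not shown here.
SAMPLE_OK = """<ldapLogin>
  <roleSearch>
    <roleBase>member={1}</roleBase>
    <roleContextDN>CN=Users,DC=ldapserver,DC=mycompany,DC=com</roleContextDN>
  </roleSearch>
</ldapLogin>"""

ROLE_BASE = re.compile(r"[A-Za-z][\w;.-]*=\{1\}")  # attribute={1}
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9.-]*\s*=\s*\S.*$")  # name=value


def local(tag):
    """Drop an XML namespace prefix such as '{uri}roleSearch'."""
    return tag.rsplit("}", 1)[-1]


def check_role_search(xml_text):
    """Return a list of problems found in the <roleSearch> settings."""
    root = ET.fromstring(xml_text)
    searches = [e for e in root.iter() if local(e.tag) == "roleSearch"]
    if len(searches) != 1:  # Table 12-3: specify <roleSearch> only once
        return [f"expected exactly one <roleSearch>, found {len(searches)}"]
    problems = []
    for name in ("roleBase", "roleContextDN"):
        values = [(c.text or "").strip() for c in searches[0]
                  if local(c.tag) == name]
        if not values or "" in values:
            problems.append(f"<{name}> is missing or empty")
        for value in filter(None, values):
            if name == "roleBase" and not ROLE_BASE.search(value):
                problems.append(f"<roleBase> lacks attribute={{1}}: {value!r}")
            if name == "roleContextDN":
                # Split on commas that are not backslash-escaped.
                bad = [p for p in re.split(r"(?<!\\),", value)
                       if not RDN.match(p)]
                if bad:
                    problems.append(f"<roleContextDN> malformed parts: {bad}")
    return problems


if __name__ == "__main__":
    print(check_role_search(SAMPLE_OK) or "roleSearch settings look consistent")
```

To check the real file, pass its contents to check_role_search() and proceed to the reload only when the returned list is empty.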

(2) Using ldap.properties

  1. Back up the ldap.properties file, and then open the file in any text editor.
  2. Uncomment the rolesCtxDN property.
  3. Set the property to the portion of the directory service domain that stores group records.
    Examples:
    • For Active Directory:

      rolesCtxDN=CN=Users,DC=hostname,DC=example,DC=com

    • For other LDAP:

      rolesCtxDN=ou=Groups,o=example.com

  4. Save the file.
  5. Run the following command:
    nnmldap.ovpl -reload