12.2.5 Task 5: (Configuring for the external mode only) Configure group retrieval from the directory service
Complete this task to configure group retrieval for the external mode. Follow the appropriate procedure for your directory service.
- Go to the following directory:
- Windows: %NnmDataDir%nmsas\NNM\conf
- Linux: $NnmDataDir/nmsas/NNM/conf
- Take a backup of the nms-auth-config.xml file, and then open the file with a text editor.
- Modify the following elements:
- Tip
-
NNMi places a sample nms-auth-config.xml file in a different location, which can be used for reference.
The sample nms-auth-config.xml file is available in the following location:
- Windows: %NnmInstallDir%newconfig\HPOvNnmAS\nmsas\conf
- Linux: $NnmInstallDir/newconfig/HPOvNnmAS/nmsas/conf
You can also copy the entire <ldapLogin> element from the sample nms-auth-config.xml file, and then make necessary modifications.
Table 12‒3: Elements of the ldapLogin Section of nms-auth-config.xml <roleSearch>
Placeholder element to include the user role information.
Specify the <roleSearch></roleSearch> setting only once. You cannot specify this setting more than once.
<roleBase>member= {1}
</roleBase>
Replace member with the name of the group attribute that stores the directory service user ID in the directory service domain.
<roleContextDN>
</roleContextDN>
Specify the portion of the directory service domain that stores group records.
The format is a comma-separated list of directory service attribute names and values.
For example:- For Active Directory
CN=Users,DC=ldapserver,DC=mycompany,DC=com
- For other LDAP technologies
ou=Groups,o=example.com
</roleSearch>
- Save the file.
- Run the following command:
nnmldap.ovpl -reload