12.1.2 Mixed mode: Storing some NNMi user information in the NNMi database and some NNMi user information in a directory service
NNMi accesses a directory service for the user name and password, which are defined externally to NNMi and are also available to other applications. The mapping of users to NNMi user groups is maintained in the NNMi console. The configuration and maintenance of NNMi user access information is a joint effort, as described here:
-
The directory service administrator maintains the user names and passwords in the directory service.
-
The NNMi administrator enters the user names (as defined in the directory service), user group definitions, and the user group mappings in the NNMi console.
-
The NNMi administrator configures NNMi's LDAP configuration file to describe to NNMi the directory service database schema for user names.
In the figure below, making the last line a comment line prevents NNMi from acquiring NNMi user group information from the directory service.
Because user names must be entered in two places, user name maintenance must be performed in both places.
|
|
![[Figure]](GRAPHICS/F0000101.GIF)
The figure above shows the information flow for this mode, which is appropriate in the following situations:
-
The number of NNMi users is small, and a directory service is available.
-
The NNMi administrator wants to manage the user groups instead of requiring a directory service change for each user group change.
-
The directory service group definitions are available.
For details about integrating with a directory service for the user name and password, see the rest of this chapter and Lightweight Directory Access Protocol (LDAP) to Control NNMi Access in NNMi Help.