12.2.3 Task 3: Configure user access from the directory service
Complete this task for mixed mode and external mode only. Follow the appropriate procedure for your directory service.
1. Go to the following directory:
   - Windows: %NnmDataDir%nmsas\NNM\conf
   - Linux: $NnmDataDir/nmsas/NNM/conf
2. Back up the nms-auth-config.xml file that was shipped with NNMi, and then open the file in any text editor.
3. Specify values for the following elements:
Tip
NNMi places a sample nms-auth-config.xml file in a different location, which can be used for reference.
The sample nms-auth-config.xml file is available in the following location:
- Windows: %NnmInstallDir%newconfig\HPOvNnmAS\nmsas\conf
- Linux: $NnmInstallDir/newconfig/HPOvNnmAS/nmsas/conf
You can also copy the entire <ldapLogin> element from the sample nms-auth-config.xml file, and then make necessary modifications.
Table 12‒2: Elements of the ldapLogin Section of nms-auth-config.xml
<enabled>
</enabled>
Specify true to use the nms-auth-config.xml file. By default, this element is set to false.
<userRoleFilterList>
</userRoleFilterList>
Specify the NNMi roles to which NNMi users can assign incidents.
To assign incidents to all operators, administrators, and guests, add this:
<userRoleFilterList> admin guest level2 level1 </userRoleFilterList>
<connectTimeLimit>
</connectTimeLimit>
Specify the connection timeout value in milliseconds. The default value is 10000 (10 seconds). If you are encountering timeouts during NNMi user sign in, increase this value.
For example: <connectTimeLimit>10000</connectTimeLimit>
<searchTimeLimit>
</searchTimeLimit>
Specify the search timeout value in milliseconds. The default value is 30000 (30 seconds). If you are encountering timeouts during NNMi user sign in, increase this value.
For example: <searchTimeLimit>30000</searchTimeLimit>
<server>
Container element that holds all LDAP configuration information.
<host>
</host>
URL of the LDAP server with port.
For example:
- To use HTTP:
ldap://hostname.domain.com:389
- To use HTTPS:
ldaps://hostname.domain.com:636
Note: To use HTTP, specify ldap://. To use HTTPS, specify ldap:// or ldaps://.
<secure>
</secure>
Specify true if you want to use HTTPS. Otherwise, specify false.
</server>
Note: The server element can be specified multiple times if the same information can be acquired from multiple servers in a redundant LDAP server configuration. In such cases, attempts to establish a connection will be made in order starting from the connection destination specified at the top.
<bindCredential>
Container element to include bind credentials (mandatory for directory services that do not support anonymous logon).
<bindDN>
</bindDN>
Specify the bind DN.
<bindCredential>
</bindCredential>
Specify the bind DN password in the encrypted format.
Run the "nnmldap.ovpl -encrypt <mypassword>" command to encrypt the password.
</bindCredential>
<users>
Container element to include all user configuration details.
<userSearch>
Container element to include the configuration information for searching users.
Specify the <userSearch></userSearch> setting only once. Specifying this setting more than once is not supported.
<base>
</base>
For example:
- For Active Directory:
<base> CN={0} </base>
- For other LDAP technologies:
<base> SAMAccountName={0} </base>
<baseContextDN>
</baseContextDN>
For Active Directory, specify the portion of the directory service domain that stores user records.
For example:
- For Active Directory:
OU=Users,OU=Accounts,DC=mycompany,DC=com
- For other LDAP technologies:
ou=People,o=example.com
</userSearch>
</users>
Note: In mixed mode, specify the <roleSearch></roleSearch> setting only once, as follows, and then perform step 4 below.
<roleSearch> <roleBase></roleBase> <roleContextDN></roleContextDN> </roleSearch>
4. After editing the nms-auth-config.xml file (%NnmDataDir%nmsas\NNM\conf (Windows) or $NnmDataDir/nmsas/NNM/conf (Linux)), run the following command:
   - Windows:
     %NnmInstallDir%bin\nnmldap.ovpl -reload
   - Linux:
     $NnmInstallDir/bin/nnmldap.ovpl -reload
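
The rules in Table 12-2 can be checked on the edited file before the reload command above is run. The following Python script is an added example, not part of the NNMi documentation or tooling: `check_ldap_login`, `_text`, the sample XML, its nesting and all its values are assumptions. Only the element names come from the table, and elements are looked up by name so the checks do not depend on the nesting.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names come from Table 12-2; the nesting and
# every value (hosts, DNs, the password placeholder) are assumptions.
SAMPLE = """<ldapLogin>
  <enabled>true</enabled>
  <connectTimeLimit>10000</connectTimeLimit>
  <searchTimeLimit>30s</searchTimeLimit>
  <server><host>ldap://ldap1.example.com:389</host><secure>false</secure></server>
  <server><host>ldaps://ldap2.example.com:636</host><secure>true</secure></server>
  <bindCredential>
    <bindDN>CN=svc-nnmi,OU=Accounts,DC=example,DC=com</bindDN>
    <bindCredential>ENCRYPTED-VALUE-PLACEHOLDER</bindCredential>
  </bindCredential>
  <users>
    <userSearch><base>CN={0}</base></userSearch>
    <userSearch><base>uid={0}</base></userSearch>
  </users>
</ldapLogin>"""

def _text(el, tag):
    return (el.findtext(".//" + tag) or "").strip()

def check_ldap_login(xml_text):
    """Return findings for an <ldapLogin> section; an empty list means none."""
    root = ET.fromstring(xml_text)
    login = root if root.tag == "ldapLogin" else root.find(".//ldapLogin")
    if login is None:
        return ["no <ldapLogin> element"]
    out = []
    if _text(login, "enabled").lower() != "true":
        out.append("enabled is not true: the file is not used")
    for tag in ("connectTimeLimit", "searchTimeLimit"):
        val = _text(login, tag)
        if val and not (val.isdecimal() and int(val) > 0):
            out.append(f"{tag}: '{val}' is not a positive number of milliseconds")
    for i, srv in enumerate(login.findall(".//server"), 1):
        host, secure = _text(srv, "host"), _text(srv, "secure").lower() == "true"
        if not host.startswith(("ldap://", "ldaps://")):
            out.append(f"server {i}: host must start with ldap:// or ldaps://")
        elif not secure and host.startswith("ldaps://"):
            out.append(f"server {i}: ldaps:// host but secure is not true")
        elif not secure:
            out.append(f"server {i}: secure is not true, so the connection is not encrypted")
    for tag in ("userSearch", "roleSearch"):
        if len(login.findall(".//" + tag)) > 1:
            out.append(f"{tag}: specified more than once")
    return out
```

To check a real file, pass its contents to `check_ldap_login`; the lookups assume the file declares no XML namespace.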
- Windows: