12.3.3 Information owned by the directory service administrator
Table 12‒4: Information for retrieving user names and passwords from a directory service and Table 12‒5: Information for retrieving group membership from a directory service list the information to obtain from the directory service administrator before configuring NNMi for LDAP access to a directory service.
- If you plan to use the directory service for user names and passwords only (configuring for the mixed mode), gather the information shown in Table 12‒4: Information for retrieving user names and passwords from a directory service.
- If you plan to use the directory service for all NNMi access information (configuring for the external mode), gather the information shown in both Table 12‒4: Information for retrieving user names and passwords from a directory service and Table 12‒5: Information for retrieving group membership from a directory service.

Table 12‒4: Information for retrieving user names and passwords from a directory service

| Information | Active Directory example | Other directory services example |
| --- | --- | --- |
| The fully-qualified name of the computer that hosts the directory service | directory_service_host.example.com | directory_service_host.example.com |
| The port that the directory service uses for LDAP communication | 389 for non-SSL connections<br>636 for SSL connections | 389 for non-SSL connections<br>636 for SSL connections |
| Does the directory service require an SSL connection? | If yes, obtain a copy of your company's truststore certificate and see 10.3.8 Configuring an SSL connection to the Directory service. | If yes, obtain a copy of your company's truststore certificate and see 10.3.8 Configuring an SSL connection to the Directory service. |
| The distinguished name for one user name that is stored in the directory service (to demonstrate the directory service domain) | CN=john.doe@example.com,OU=Users,OU=Accounts,DC=example,DC=com | uid=john.doe@example.com,ou=People,o=example.com |

Table 12‒5: Information for retrieving group membership from a directory service

| Information | Active Directory example | Other directory services example |
| --- | --- | --- |
| The distinguished name for identifying the groups to which a user is assigned | The memberOf user attribute identifies the groups. | ou=Groups,o=example.com<br>cn=USERS-NNMi-*,ou=Groups,o=example.com |
| The method of identifying a user within a group | CN=john.doe@example.com,OU=Users,OU=Accounts,DC=example,DC=com<br>CN=john.doe@example.com | cn=john.doe@example.com,ou=People,o=example.com<br>cn=john.doe@example.com |
| The group attribute that stores the directory service user ID | member | member |
| The names of the groups in the directory service that apply to NNMi access | CN=USERS-NNMi-Admin,OU=Groups,OU=Accounts,DC=example,DC=com<br>CN=USERS-NNMi-Level2,OU=Groups,OU=Accounts,DC=example,DC=com<br>CN=USERS-NNMi-Level1,OU=Groups,OU=Accounts,DC=example,DC=com<br>CN=USERS-NNMi-Client,OU=Groups,OU=Accounts,DC=example,DC=com<br>CN=USERS-NNMi-Guest,OU=Groups,OU=Accounts,DC=example,DC=com | cn=USERS-NNMi-Admin,ou=Groups,o=example.com<br>cn=USERS-NNMi-Level2,ou=Groups,o=example.com<br>cn=USERS-NNMi-Level1,ou=Groups,o=example.com<br>cn=USERS-NNMi-Client,ou=Groups,o=example.com<br>cn=USERS-NNMi-Guest,ou=Groups,o=example.com |
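
The two membership lookups that Table 12‒5 describes (the memberOf user attribute for Active Directory, the member group attribute for other directory services), shown as an added Python example that is not NNMi code and not part of the original manual. The function names, the dictionary layout and the Payroll group are assumptions made for illustration, and all entries are constructed from the table's example values.

```python
from fnmatch import fnmatchcase

def norm_dn(dn):
    """Trim and lower-case each RDN for comparison (assumes no escaped commas)."""
    return tuple(part.strip().lower() for part in dn.split(","))

def is_nnmi_group(group_dn, groups_base, pattern="cn=users-nnmi-*"):
    """True if the group sits directly under groups_base and its RDN matches pattern."""
    rdns = norm_dn(group_dn)
    return rdns[1:] == norm_dn(groups_base) and fnmatchcase(rdns[0], pattern)

def groups_via_memberof(user_entry, groups_base):
    """Active Directory style: the user's memberOf attribute lists the group DNs."""
    return sorted(g for g in user_entry.get("memberOf", []) if is_nnmi_group(g, groups_base))

def groups_via_member(groups, user_dn, groups_base, member_form="dn", group_attr="member"):
    """Other directories: find groups whose group_attr names the user.

    member_form is "dn" if the attribute stores the full user DN, "rdn" if it stores
    only the leading CN. Match one form only, as reported by the directory administrator.
    """
    user = norm_dn(user_dn)
    wanted = user if member_form == "dn" else user[:1]
    return sorted(g["dn"] for g in groups
                  if is_nnmi_group(g["dn"], groups_base)
                  and any(norm_dn(m) == wanted for m in g.get(group_attr, [])))

# Constructed sample entries modeled on the Table 12-5 example values; "Payroll" is invented.
AD_BASE = "OU=Groups,OU=Accounts,DC=example,DC=com"
AD_USER = {"dn": "CN=john.doe@example.com,OU=Users,OU=Accounts,DC=example,DC=com",
           "memberOf": ["CN=USERS-NNMi-Admin," + AD_BASE, "CN=Payroll," + AD_BASE]}
LDAP_BASE = "ou=Groups,o=example.com"
LDAP_USER = "cn=john.doe@example.com,ou=People,o=example.com"
LDAP_GROUPS = [
    {"dn": "cn=USERS-NNMi-Level1," + LDAP_BASE, "member": [LDAP_USER]},
    {"dn": "cn=USERS-NNMi-Client," + LDAP_BASE, "member": ["cn=john.doe@example.com"]},
    {"dn": "cn=Payroll," + LDAP_BASE, "member": [LDAP_USER]},
]

if __name__ == "__main__":
    print(groups_via_memberof(AD_USER, AD_BASE))
    print(groups_via_member(LDAP_GROUPS, LDAP_USER, LDAP_BASE, "dn"))
    print(groups_via_member(LDAP_GROUPS, LDAP_USER, LDAP_BASE, "rdn"))
```

Matching on the short CN form alone cannot distinguish two users with the same CN in different containers, which is why the example requires the caller to state which form the directory stores.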