NickRad
Message 1 of 2 (549 Views)

NNMi 9.22 LDAP Integration

Hello, I am attempting to control my users completely through LDAP but am getting stuck on role mappings with NNMi 9.22 and FreeIPA as the LDAP server. My ldap.properties and output of nnmldap.ovpl -diagnose are below. If I assign a defaultRole I am able to authenticate and will be assigned the default role; however, without it I cannot log in.

DSN cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com is mapped to the default builtin NNMi group named 'level2'

--ldap.properties

java.naming.provider.url=ldap://192.168.205.51
baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com
baseFilter=uid={0}
rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com
roleFilter=member={1}
userRoleFilterList=admin;level2;level1
uidAttributeID=member

--output

/opt/OV/bin/nnmldap.ovpl -diagnose user1
=========================================================
=     Configuration
=========================================================
LDAP configuration filename: /var/opt/OV/shared/nnm/conf/ldap.properties
LDAP Properties:
    baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com
    baseFilter=uid={0}
    java.naming.provider.url=ldap://192.168.205.51
    roleFilter=member={1}
    rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com
    uidAttributeID=member
    userRoleFilterList=admin;level2;level1

=========================================================
=     Starting LDAP Query Diagnostics
=========================================================
Diagnosing LDAP connectivity for user user1
Using LDAP configuration file "/var/opt/OV/shared/nnm/conf/ldap.properties"
All required property keys were detected.
All required Role property keys were detected.

=========================================================
=     Creating initial LDAP Context
=========================================================
Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, userRoleFilterList=admin;level2;level1, baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com, roleFilter=member={1}, rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com, baseFilter=uid={0}, java.naming.provider.url=ldap://192.168.205.51, uidAttributeID=member, java.naming.security.authentication=simple}

=========================================================
=     Checking User Group External Name match to LDAP DN
=========================================================
The User Group "NNMi Level 2 Operators" was successfully matched to LDAP DN.

=========================================================
=     Authenticating user "user1"
=========================================================
Searching Base DN "cn=users,cn=accounts,dc=mycompany,dc=com", returning attribute distinguishedName from any matches.
No attributes returned from results.
No userDN, computing relative results.
Found userDN uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com from baseDN cn=users,cn=accounts,dc=mycompany,dc=com using null

=========================================================
=     Found User Distinguished Name: "uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com"
=========================================================

=========================================================
=     Determining roles by searching rolesCtxDN:cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com while searching for matches against role filter.
=========================================================
Found role DN entries that matched the UserGroup externalName

=========================================================
=     Traversing results to determine NNMi roles.
=========================================================
Found role #1 DN:,cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com roleAttributeID=null, for user:user1.

!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  Found no user roles in 1 DNs. Verify rolesCtxDN, roleFilter, and userRoleFilterList
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  LDAP Appears to be Misconfigured. See above for more information.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  You can try to diagnose further using a LDAP Browser and Directory client such asApache Directory Studio (http://directory.apache.org/studio/)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


=========================================================
=     Finding all Users for Incident Assignment from LDAP service
=========================================================
Found 2 Users from LDAP service for NNMi UI login.
Found 2 Users from LDAP service for incident assignment based on filter of  userRoleFilterList
The all LDAP User List for Incident Assignment: [user2, user1]

=========================================================
=     LDAP Appears to be Properly Configured for Incident Assignment
=========================================================

NickRad
Message 2 of 2 (515 Views)

Re: NNMi 9.22 LDAP Integration

Figured it out, had to change

rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com

to

rolesCtxDN=cn=groups,cn=accounts,dc=mycompany,dc=com
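
An added example, not part of the original posts and not NNMi code: a small model of why the diagnose output shows "Found role #1 DN:,cn=users-nnmi-level2,..." and why moving rolesCtxDN up one level fixes it. It assumes the role search returns names relative to rolesCtxDN and rebuilds the DN by joining them, which is inferred from that output line; the function names and the in-memory directory are hypothetical.

```python
# Added illustration; not NNMi code. Models an LDAP role search whose results
# are named relative to the search base (an assumption drawn from the
# diagnose output), over a constructed in-memory directory.

GROUPS_DN = "cn=groups,cn=accounts,dc=mycompany,dc=com"
GROUP_DN = "cn=users-nnmi-level2," + GROUPS_DN
USER_DN = "uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com"

# Constructed directory: DN -> attributes (DNs taken from the thread).
DIRECTORY = {
    GROUPS_DN: {},
    GROUP_DN: {"member": [USER_DN]},
}

# User Group External Name mapping described in the first post.
EXTERNAL_NAMES = {GROUP_DN: "level2"}


def search(base, attr, value):
    """Subtree search under base; return matching names relative to base."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn == base or dn.endswith("," + base)
        if in_scope and value in attrs.get(attr, []):
            # The base entry itself has an empty relative name.
            hits.append(dn[: len(dn) - len(base)].rstrip(","))
    return hits


def resolve_roles(roles_ctx_dn, user_dn):
    """Rebuild each hit as '<relative>,<rolesCtxDN>' and map it to a role."""
    roles, composed = [], []
    for rel in search(roles_ctx_dn, "member", user_dn):
        dn = rel + "," + roles_ctx_dn  # naive join, as the output suggests
        composed.append(dn)
        if dn in EXTERNAL_NAMES:
            roles.append(EXTERNAL_NAMES[dn])
    return roles, composed


if __name__ == "__main__":
    for ctx in (GROUP_DN, GROUPS_DN):
        roles, composed = resolve_roles(ctx, USER_DN)
        print("rolesCtxDN =", ctx)
        print("  composed role DNs:", composed)
        print("  NNMi roles:", roles or "none (login refused without defaultRole)")
```

A login that only works with defaultRole set, as in the first post, says nothing about whether the group mapping resolves; the composed role DN in the diagnose output is the line to check.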
