NNMi 9.22 LDAP Integration (680 Views)
Occasional Advisor
NickRad
Posts: 14
Registered: ‎03-13-2012
Message 1 of 2 (680 Views)

NNMi 9.22 LDAP Integration

Hello, I am attempting to control my users completely through LDAP but am getting stuck on role mappings with NNMi 9.22 and FreeIPA as the LDAP server. My ldap.properties and the output of nnmldap.ovpl -diagnose are below. If I assign a defaultRole I am able to authenticate and will be assigned the default role; however, without it I cannot log in.

DSN cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com is mapped to the default builtin NNMi group named 'level2'

--ldap.properties

java.naming.provider.url=ldap://192.168.205.51
baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com
baseFilter=uid={0}
rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com
roleFilter=member={1}
userRoleFilterList=admin;level2;level1
uidAttributeID=member

--output

/opt/OV/bin/nnmldap.ovpl -diagnose user1
=========================================================
=     Configuration
=========================================================
LDAP configuration filename: /var/opt/OV/shared/nnm/conf/ldap.properties
LDAP Properties:
    baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com
    baseFilter=uid={0}
    java.naming.provider.url=ldap://192.168.205.51
    roleFilter=member={1}
    rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com
    uidAttributeID=member
    userRoleFilterList=admin;level2;level1

=========================================================
=     Starting LDAP Query Diagnostics
=========================================================
Diagnosing LDAP connectivity for user user1
Using LDAP configuration file "/var/opt/OV/shared/nnm/conf/ldap.properties"
All required property keys were detected.
All required Role property keys were detected.

=========================================================
=     Creating initial LDAP Context
=========================================================
Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, userRoleFilterList=admin;level2;level1, baseCtxDN=cn=users,cn=accounts,dc=mycompany,dc=com, roleFilter=member={1}, rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com, baseFilter=uid={0}, java.naming.provider.url=ldap://192.168.205.51, uidAttributeID=member, java.naming.security.authentication=simple}

=========================================================
=     Checking User Group External Name match to LDAP DN
=========================================================
The User Group "NNMi Level 2 Operators" was successfully matched to LDAP DN.

=========================================================
=     Authenticating user "user1"
=========================================================
Searching Base DN "cn=users,cn=accounts,dc=mycompany,dc=com", returning attribute distinguishedName from any matches.
No attributes returned from results.
No userDN, computing relative results.
Found userDN uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com from baseDN cn=users,cn=accounts,dc=mycompany,dc=com using null

=========================================================
=     Found User Distinguished Name: "uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com"
=========================================================

=========================================================
=     Determining roles by searching rolesCtxDN:cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com while searching for matches against role filter.
=========================================================
Found role DN entries that matched the UserGroup externalName

=========================================================
=     Traversing results to determine NNMi roles.
=========================================================
Found role #1 DN:,cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com roleAttributeID=null, for user:user1.

!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  Found no user roles in 1 DNs. Verify rolesCtxDN, roleFilter, and userRoleFilterList
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  LDAP Appears to be Misconfigured. See above for more information.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


!!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
!  You can try to diagnose further using a LDAP Browser and Directory client such asApache Directory Studio (http://directory.apache.org/studio/)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


=========================================================
=     Finding all Users for Incident Assignment from LDAP service
=========================================================
Found 2 Users from LDAP service for NNMi UI login.
Found 2 Users from LDAP service for incident assignment based on filter of  userRoleFilterList
The all LDAP User List for Incident Assignment: [user2, user1]

=========================================================
=     LDAP Appears to be Properly Configured for Incident Assignment
=========================================================

Occasional Advisor
NickRad
Posts: 14
Registered: ‎03-13-2012
Message 2 of 2 (646 Views)

Re: NNMi 9.22 LDAP Integration

Figured it out, had to change

rolesCtxDN=cn=users-nnmi-level2,cn=groups,cn=accounts,dc=mycompany,dc=com

to

rolesCtxDN=cn=groups,cn=accounts,dc=mycompany,dc=com
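
An added example, not part of the original posts and not NNMi code: a simplified model of why the first rolesCtxDN finds the group but maps no role. It assumes the role DN is rebuilt from the search result's name relative to rolesCtxDN, which is what the leading comma in the "Found role #1 DN:,cn=users-nnmi-level2,..." diagnostic line suggests; the directory contents and helper names are constructed.

```python
# Simplified model of the role lookup (constructed data, not NNMi code).
GROUPS = "cn=groups,cn=accounts,dc=mycompany,dc=com"
LEVEL2 = "cn=users-nnmi-level2," + GROUPS
USER1 = "uid=user1,cn=users,cn=accounts,dc=mycompany,dc=com"

# Constructed directory: entry DN -> attributes.
DIRECTORY = {
    GROUPS: {},
    LEVEL2: {"member": [USER1]},
    "cn=users-nnmi-admin," + GROUPS: {"member": []},
}

# DN that the NNMi user group is mapped to (its external name).
EXTERNAL_NAMES = {LEVEL2: "level2"}


def search(base, attr, value):
    """Subtree search returning names relative to base, as JNDI does.

    An entry that is the base itself comes back with the empty name "".
    """
    base_l = base.lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        dn_l = dn.lower()
        if dn_l != base_l and not dn_l.endswith("," + base_l):
            continue  # outside the search base
        if value in attrs.get(attr, []):
            hits.append(dn[: len(dn) - len(base)].rstrip(","))
    return hits


def resolve_roles(roles_ctx_dn, user_dn):
    """Return (composed role DNs, matched NNMi roles) for roleFilter=member={1}."""
    # Assumption: the role DN is rebuilt as "<relative name>,<rolesCtxDN>".
    names = search(roles_ctx_dn, "member", user_dn)
    composed = [f"{name},{roles_ctx_dn}" for name in names]
    roles = [EXTERNAL_NAMES[dn] for dn in composed if dn in EXTERNAL_NAMES]
    return composed, roles


if __name__ == "__main__":
    # First the group's own DN as search base, then the groups container.
    for ctx in (LEVEL2, GROUPS):
        print(ctx, "->", resolve_roles(ctx, USER1))
```

With the group's own DN as the base, the match has an empty relative name, so the composed DN starts with a comma and never equals the mapped external name; with the groups container as the base, the composed DN is the group DN and the role resolves.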
