NNMi9.10 integration with Active Directory (741 Views)
Reply
Occasional Contributor
Devx
Posts: 4
Registered: ‎02-06-2012
Message 1 of 7 (741 Views)
Accepted Solution

NNMi9.10 integration with Active Directory

Hi,

    I want to integrate NNMi9.10 with Active Directory service. As per the documentation in the ldap.properties file,  will configuring the below content sufficient for NNM-AD integration.I have only changed the content  quoted in "<>". Others I have not changed. But it is not functioning.The configuration text is

 

java.naming.provider.url=ldap://

<myldapserver>:389/

bindDN=

<mydomain>\\<myusername>

bindCredential=

<mypassword>

baseCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

baseFilter=CN={0}

defaultRole=guest

#rolesCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

roleFilter=member={1}

uidAttributeID=member

userRoleFilterList=admin;level2;level1

 

 

then run:

nnmldap.ovpl -reload

 

Do I need some more steps to be performed. Please suggest

Honored Contributor
AndyKemp
Posts: 751
Registered: ‎05-17-2010
Message 2 of 7 (740 Views)

Re: NNMi9.10 integration with Active Directory

Its a real pain to get working , but its possible and the step by step guide doesnt work :)

 

 

Here's my config for AD doing basic authentication, locally defined rolls.

java.naming.provider.url=ldaps://servername.net:636/
java.naming.security.protocol=ssl
bindDN=CN=ServiceCccount,OU=Service Accounts,DC=domain,DC=org
bindCredential=(otherwise known as password)
baseCtxDN=DC=domain ,DC=org
baseFilter=CN={0}
defaultRole=guest
roleFilter = member={1}
roleAttributeIsDN = false
roleAttributeID = roleName
userRoleFilterList = admin;level2;level1
uidAttributeID = member

 

 

Dont forget to use  nnmldap -info  and  -diagnose <username>  to test your configurations as well as AD authentication.

Have a nice day :)

Andy Kemp,  CISSP
Occasional Contributor
Devx
Posts: 4
Registered: ‎02-06-2012
Message 3 of 7 (729 Views)

Re: NNMi9.10 integration with Active Directory

Hi,

    Thanks a lot for your valuable response.

Frequent Advisor
GrunderWolf
Posts: 78
Registered: ‎02-04-2010
Message 4 of 7 (502 Views)

Re: NNMi9.10 integration with Active Directory

Hi Andy,

 

I currently got my AD integration working on port 389.

My question is if I want to use 636, I should do only the following?

 

1) Change the port to 636

2) java.naming.security.protocol=ssl

 

Is there anything else that I need to do?

Honored Contributor
LindsayHill
Posts: 741
Registered: ‎11-16-2011
Message 5 of 7 (491 Views)

Re: NNMi9.10 integration with Active Directory

You may also need to add the CA certificate to your Java keystore
CCIE 36708 | @northlandboy | lkhill.com
Frequent Advisor
GrunderWolf
Posts: 78
Registered: ‎02-04-2010
Message 6 of 7 (487 Views)

Re: NNMi9.10 integration with Active Directory

[ Edited ]

Thanks North. Is there any document for NNMi 9.10 SSL certification for LDAP?

Honored Contributor
LindsayHill
Posts: 741
Registered: ‎11-16-2011
Message 7 of 7 (484 Views)

Re: NNMi9.10 integration with Active Directory

Check out the "NNMi Deployment Reference"

 

In the 9.20 version, on page 138, there's a section on "Configuring an SSL Connection to the Directory Service" - I  believe there's a similar section in the 9.10 version (it was around 18 months ago I was configuring this, and we got it working with 9.10, so I'm pretty sure its in the 9.10 docs).

CCIE 36708 | @northlandboy | lkhill.com
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.