Re: NNMi9.10 integration with Active Directory (372 Views)
Reply
Occasional Contributor
Devx
Posts: 4
Registered: ‎02-06-2012
Message 1 of 7 (629 Views)
Accepted Solution

NNMi9.10 integration with Active Directory

Hi,

    I want to integrate NNMi9.10 with Active Directory service. As per the documentation in the ldap.properties file,  will configuring the below content sufficient for NNM-AD integration.I have only changed the content  quoted in "<>". Others I have not changed. But it is not functioning.The configuration text is

 

java.naming.provider.url=ldap://

<myldapserver>:389/

bindDN=

<mydomain>\\<myusername>

bindCredential=

<mypassword>

baseCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

baseFilter=CN={0}

defaultRole=guest

#rolesCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

roleFilter=member={1}

uidAttributeID=member

userRoleFilterList=admin;level2;level1

 

 

then run:

nnmldap.ovpl -reload

 

Do I need some more steps to be performed. Please suggest

Please use plain text.
Honored Contributor
AndyKemp
Posts: 733
Registered: ‎05-17-2010
Message 2 of 7 (628 Views)

Re: NNMi9.10 integration with Active Directory

Its a real pain to get working , but its possible and the step by step guide doesnt work :)

 

 

Here's my config for AD doing basic authentication, locally defined rolls.

java.naming.provider.url=ldaps://servername.net:636/
java.naming.security.protocol=ssl
bindDN=CN=ServiceCccount,OU=Service Accounts,DC=domain,DC=org
bindCredential=(otherwise known as password)
baseCtxDN=DC=domain ,DC=org
baseFilter=CN={0}
defaultRole=guest
roleFilter = member={1}
roleAttributeIsDN = false
roleAttributeID = roleName
userRoleFilterList = admin;level2;level1
uidAttributeID = member

 

 

Dont forget to use  nnmldap -info  and  -diagnose <username>  to test your configurations as well as AD authentication.

Have a nice day :)

Andy Kemp,  CISSP
Please use plain text.
Occasional Contributor
Devx
Posts: 4
Registered: ‎02-06-2012
Message 3 of 7 (617 Views)

Re: NNMi9.10 integration with Active Directory

Hi,

    Thanks a lot for your valuable response.

Please use plain text.
Frequent Advisor
GrunderWolf
Posts: 78
Registered: ‎02-04-2010
Message 4 of 7 (390 Views)

Re: NNMi9.10 integration with Active Directory

Hi Andy,

 

I currently got my AD integration working on port 389.

My question is if I want to use 636, I should do only the following?

 

1) Change the port to 636

2) java.naming.security.protocol=ssl

 

Is there anything else that I need to do?

Please use plain text.
Honored Contributor
LindsayHill
Posts: 721
Registered: ‎11-16-2011
Message 5 of 7 (379 Views)

Re: NNMi9.10 integration with Active Directory

You may also need to add the CA certificate to your Java keystore
CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
Frequent Advisor
GrunderWolf
Posts: 78
Registered: ‎02-04-2010
Message 6 of 7 (375 Views)

Re: NNMi9.10 integration with Active Directory

[ Edited ]

Thanks North. Is there any document for NNMi 9.10 SSL certification for LDAP?

Please use plain text.
Honored Contributor
LindsayHill
Posts: 721
Registered: ‎11-16-2011
Message 7 of 7 (372 Views)

Re: NNMi9.10 integration with Active Directory

Check out the "NNMi Deployment Reference"

 

In the 9.20 version, on page 138, there's a section on "Configuring an SSL Connection to the Directory Service" - I  believe there's a similar section in the 9.10 version (it was around 18 months ago I was configuring this, and we got it working with 9.10, so I'm pretty sure its in the 9.10 docs).

CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation