Network Management / (OpenView-NNM) Support and News Forum
Showing results for 
Search instead for 
Do you mean 

NNMi9.10 integration with Active Directory

SOLVED
Go to Solution
Highlighted
Occasional Contributor

NNMi9.10 integration with Active Directory

Hi,

    I want to integrate NNMi9.10 with Active Directory service. As per the documentation in the ldap.properties file,  will configuring the below content sufficient for NNM-AD integration.I have only changed the content  quoted in "<>". Others I have not changed. But it is not functioning.The configuration text is

 

java.naming.provider.url=ldap://

<myldapserver>:389/

bindDN=

<mydomain>\\<myusername>

bindCredential=

<mypassword>

baseCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

baseFilter=CN={0}

defaultRole=guest

#rolesCtxDN=CN=Users,DC=

<myhostname>,DC=<mycompanyname>,DC=<mysuffix>

roleFilter=member={1}

uidAttributeID=member

userRoleFilterList=admin;level2;level1

 

 

then run:

nnmldap.ovpl -reload

 

Do I need some more steps to be performed. Please suggest

1 ACCEPTED SOLUTIONS
Occasional Contributor

Re: NNMi9.10 integration with Active Directory

Hi,

    Thanks a lot for your valuable response.

6 REPLIES
Honored Contributor

Re: NNMi9.10 integration with Active Directory

Its a real pain to get working , but its possible and the step by step guide doesnt work :)

 

 

Here's my config for AD doing basic authentication, locally defined rolls.

java.naming.provider.url=ldaps://servername.net:636/
java.naming.security.protocol=ssl
bindDN=CN=ServiceCccount,OU=Service Accounts,DC=domain,DC=org
bindCredential=(otherwise known as password)
baseCtxDN=DC=domain ,DC=org
baseFilter=CN={0}
defaultRole=guest
roleFilter = member={1}
roleAttributeIsDN = false
roleAttributeID = roleName
userRoleFilterList = admin;level2;level1
uidAttributeID = member

 

 

Dont forget to use  nnmldap -info  and  -diagnose <username>  to test your configurations as well as AD authentication.

Have a nice day :)

Andy Kemp,  CISSP
Occasional Contributor

Re: NNMi9.10 integration with Active Directory

Hi,

    Thanks a lot for your valuable response.

Frequent Advisor

Re: NNMi9.10 integration with Active Directory

Hi Andy,

 

I currently got my AD integration working on port 389.

My question is if I want to use 636, I should do only the following?

 

1) Change the port to 636

2) java.naming.security.protocol=ssl

 

Is there anything else that I need to do?

Honored Contributor

Re: NNMi9.10 integration with Active Directory

You may also need to add the CA certificate to your Java keystore
CCIE 36708 | @northlandboy | lkhill.com
Frequent Advisor

Re: NNMi9.10 integration with Active Directory

[ Edited ]

Thanks North. Is there any document for NNMi 9.10 SSL certification for LDAP?

Honored Contributor

Re: NNMi9.10 integration with Active Directory

Check out the "NNMi Deployment Reference"

 

In the 9.20 version, on page 138, there's a section on "Configuring an SSL Connection to the Directory Service" - I  believe there's a similar section in the 9.10 version (it was around 18 months ago I was configuring this, and we got it working with 9.10, so I'm pretty sure its in the 9.10 docs).

CCIE 36708 | @northlandboy | lkhill.com