This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure LDAP Integration for uCMDB 10.00

Hi,

 

Please help me on tis ..........

 

 

thanks n advance......

Tags:

Parents
  • 0

    Hi Dear,

    I am also trying to Integrate UCMDB with LDAP. I have executed all the steps (Administration->Infrastructure Settings Maps) mentioned in user manual but when I click on security LDAP Mapping I get the following message LDAP is not configured correctly....


    Can you please tell me that what else I have to do?

     

     

  • 0 in reply to 

    If you have any spaces in your OUs, group names, etc. They need to be replaced with \20

     

    For example here is what our setup looks like: (Some info filtered).

    If you notice though, the LDAP Search User does not need the spaces replaced. Neither does the User filter if you have spaces.

     

     

    Users object class      user   
    Is case-sensitivity enforced in LDAP authentication     false  
    Groups member attribute member 
    Distinguished Name (DN) Resolution      true   
    Root Group Filter       (&(objectClass=group)(CN=*))   
    LDAP connection string  ldaps://ldaps.dd.dd.ca:3269/??sub     
    LDAP Search User        cn=srv.opsware.ad,OU=Tools and Automation,OU=ddt Users,dc=dd,dc=dd,dc=dd,dc=dd,dc=ca      
    Group class object      group  
    Use bottom up algorithm for find parent groups  false  
    UUID attribute  sAMAccountName 
    Groups name attribute   name   
    Group Base Filter       (&(objectClass=group)(CN=*))   
    Users filter   (&(sAMAccountName=*)(objectClass=user)(sAMAccountType=805306368)(memberof=CN=ALL_UCMDB_USERS,OU=UCMDB,OU=Tools and Automation,OU=ddt Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca))
    Search Retries Count    5      
    Groups display name attribute   name   
    Root groups scope       sub    
    User display name attribute     sAMAccountName 
    Scope for groups search sub    
    Enable LDAP authentication      true   
    Enable LDAP synchronization     true   
    Root Group      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca 
    Group Base      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca 
    Default Group          
    Groups description attribute    description    
  • 0 in reply to 

    Why you have written so long value for attribute User filter was only (&(sAMAccountName=*)(objectClass=user) not enough ? whats its reason?

     

Reply Children
  • 0 in reply to 

    We have over 60000 users in our LDAP (AD)

     

    The reason I use the memberOf filter is only allow users that we place into a certain group are eligible to log into ucmdb.

    This way, the users can be in any OU, but we restrict access based on that one group.

     

    Ive gotten into habit of doing this since some applications like to cache all users that match a filter.

    This becomes a problem when dealing with our size of environment.

     

    D