How to configure LDAP Integration for uCMDB 10.00

Hi,

 

Please help me on tis ..........

 

 

thanks n advance......

Tags:

Parents
  • Hi Dear,

    I am also trying to Integrate UCMDB with LDAP. I have executed all the steps (Administration->Infrastructure Settings Maps) mentioned in user manual but when I click on security LDAP Mapping I get the following message LDAP is not configured correctly....


    Can you please tell me that what else I have to do?

     

     

  • If you have any spaces in your OUs, group names, etc. They need to be replaced with \20

     

    For example here is what our setup looks like: (Some info filtered).

    If you notice though, the LDAP Search User does not need the spaces replaced. Neither does the User filter if you have spaces.

     

     

    Users object class      user   
    Is case-sensitivity enforced in LDAP authentication     false  
    Groups member attribute member 
    Distinguished Name (DN) Resolution      true   
    Root Group Filter       (&(objectClass=group)(CN=*))   
    LDAP connection string  ldaps://ldaps.dd.dd.ca:3269/??sub     
    LDAP Search User        cn=srv.opsware.ad,OU=Tools and Automation,OU=ddt Users,dc=dd,dc=dd,dc=dd,dc=dd,dc=ca      
    Group class object      group  
    Use bottom up algorithm for find parent groups  false  
    UUID attribute  sAMAccountName 
    Groups name attribute   name   
    Group Base Filter       (&(objectClass=group)(CN=*))   
    Users filter   (&(sAMAccountName=*)(objectClass=user)(sAMAccountType=805306368)(memberof=CN=ALL_UCMDB_USERS,OU=UCMDB,OU=Tools and Automation,OU=ddt Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca))
    Search Retries Count    5      
    Groups display name attribute   name   
    Root groups scope       sub    
    User display name attribute     sAMAccountName 
    Scope for groups search sub    
    Enable LDAP authentication      true   
    Enable LDAP synchronization     true   
    Root Group      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca 
    Group Base      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca 
    Default Group          
    Groups description attribute    description    
  • Why you have written so long value for attribute User filter was only (&(sAMAccountName=*)(objectClass=user) not enough ? whats its reason?

     

  • We have over 60000 users in our LDAP (AD)

     

    The reason I use the memberOf filter is only allow users that we place into a certain group are eligible to log into ucmdb.

    This way, the users can be in any OU, but we restrict access based on that one group.

     

    Ive gotten into habit of doing this since some applications like to cache all users that match a filter.

    This becomes a problem when dealing with our size of environment.

     

    D

  • Trying to retrive all users existigng on enterprise LDAP will have performance implications on every connection to UCMDB.

  • Hi Guys,

     

    In our environment we have more than 2 Active Directories, with diferent domains.

    I have successfuly configured LDAP Authentication on UCMDB 10.01 and I'm able to login with "userlogin" but when i trying to login with "domain\user" the authentication failed.

     

    How can i solve this? It's possible to configure UCMDB to use Domain on login attribute?

     

    Regards,

    Bruno R.

  • When you integrating with LDAP you can choose the field that will be used for identification. For instance, HP's LDAP server (while not MS AD), authenticates using a UID (myemail@hp.com).

    Same approach could be used for AD.

Reply Children