Report on which credentials are used to discover each host

We have 10K systems in discovery and are updating the credentials we use. I need to know if any 'old' credentials are still used to discover hosts so we can update them before deleting the credential.

* I know I can open an Agent CI and view the credential for the related host, but this won't work for thousands of hosts.

* I have made visible the "reference to credentials disctionary entry" in the agent CI type and this gets me part of the way there, but still only provides the index number used for discovery (like 18_1_CMS) and this is different for each probe system.

* Looking in the communication logs directory on a probe is not practicle because there are tens of thousands of files.

? Where is the index that would map 18_1_CMS to the actual login name used

Tags:

  • Good day Sean,

     

    Thank you for share this question.

     

    As far as i know, the names XX_X_CMS cannot be related to a credential in an automatic or UI way.

     

    I think what you can do is discover a new node, because the first time all the credentials are listed on the comm log, and then relate the XX_X_CMS names with the credential there. So, in this situation, you just need to check one file.

     

    I hope this helps.

     

    Best regards,

    HC

  • Verified Answer

    You could retrieve the info by runing JMX console -> Discovery Manager -> Method: exportCredentialsAndRangesInformation (customerId=1; fileName=Credentials.xml; isEncripted=False).

    The files will be created in C:\hp\UCMDB\UCMDBServer\conf\discovery\customer_1\credentials.xml. If not encripted passwords will be excluded, but I think it wil work for you.

    The file will contain following record for every credentials entry. "cm_credentials_id" field is what you are looking for:

    <object id="ec04472486f0c54f58508dfd86ca49bc" id_type="CmdbObjectID" class="ldapprotocol" isReference="false" anchor_id="null" is_anchor="false">

      <attribute name="ldapprotocol_truststore" type="Unknown" />
      <attribute name="protocol_username" type="String">admin</attribute>
      <attribute name="protocol_netaddress" type="String">DEFAULT</attribute>
      <attribute name="protocol" type="String">LDAP</attribute>
      <attribute name="protocol_type" type="String">ldapprotocol</attribute>
      <attribute name="protocol_port" type="String">1544</attribute>
      <attribute name="cm_credential_id" type="String">9_1_CMS</attribute>
      <attribute name="user_label" type="String">LDAP Protocol Credential 1</attribute>
      <attribute name="protocol_timeout" type="String">5000</attribute>
      <attribute name="protocol_in_use" type="Boolean">false</attribute>
      <attribute name="protocol_index" type="Integer">1</attribute>
      <attribute name="ldapprotocol_authtype" type="String">Simple</attribute>
      </object>
     
    Hope this helps.
  • I knew it had to be accesible somehow. Thank you!!!