Anonymous_User Absent Member.
Absent Member.
803 views

nqmdiscovery -p to add oracle users to security manager?


We're looking for a way to run nqmdiscovery from a client server to
populate oracle users in security manager. In theory, the -p and -f
options look promising but the syntax is a bit vague.

nqmdiscovery -h
....
-p label sublabel encryptflag value1 value2 value3
to add the KPW or Security Context information to MSU
-f
used only when -p is specified
to force MS NOT creating any discovery job
....

Anyone have suggestions, hints, or anything?

Thanks!


--
kgorman1
------------------------------------------------------------------------
kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: nqmdiscovery -p to add oracle users to security manager?


Hi.. Not sure I can give you a complete answer because I am not sure if
this utility will allow you to pass the information required for the
Oracle module.

the -p switch maps the values you supply to the fields in the KPW table
in the QDB which is where this information ultimately is stored. That
table uses the fields Label, Sublabel Val1, Val2, Val3 - and if you use
the "Security Manager" utility from the Operator Console and go to the
"Custom" tab for a server where you have set this information - you will
get a better picture of how these things are then mapped.

In the case of the Oracle module for Unix, that is:-

Label: oracle$<database name>
SubLabel: <username>
Val1: <password>

So if you wanted to use this to set the information for the database
"MyNewDB" and the user "MyUser", you would expect to have something
like:-

../nqmdiscovery -p oracle$MyNewDB MyUser true MyNewPassword nothing
nothing

(you need all the parameters, so pass any string for Val2 and Val3 -
they are then ignored by the application... and you need to have them
stored in encrypted format, so you pass "true" for that parameter).
However.. I have noticed that the $ causes the utility a problem, so
setting this information in this way for the Oracle module may not be
possible.

It is definitely possible to do this via NetIQOLE - but that is a
Windows COM object (used in fact by the "Security Manager" application).
So you could have a VB Script on Windows that sets this information up
for a bunch of Unix agents, but there may be a problem using it to set
up the agents from those agents themselves. Unless there is a way to
"escape" the dollar....


--
Andy Doran
Software Engineer Consultant (NetIQ)
------------------------------------------------------------------------
andy_doran's Profile: https://forums.netiq.com/member.php?userid=3937
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: nqmdiscovery -p to add oracle users to security manager?


OK - thanks to a little help from an engineer ... ;^) You can do this so
long as you escape the $. So for example you can do this:-

../nqmdiscovery -n MYHOST -p oracle\$MyDatabase MyUser true MyPassword
nothing nothing

And it will configure security for that server in the QDB for Oracle.
The "-n MYHOST" ensures that the hostname is used - assuming that the
agent appears using the hostname. If you miss out that switch then you
might get it configured via the IP address instead.


--
Andy Doran
Software Engineer Consultant (NetIQ)
------------------------------------------------------------------------
andy_doran's Profile: https://forums.netiq.com/member.php?userid=3937
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: nqmdiscovery -p to add oracle users to security manager?


Thanks for the response and sorry for my late reply...
I figured out quite a while back to use single quotes or to escape the $
as you suggest. Single quotes (-p 'oracle$MyDatabase') tell the shell
not to interpret variables.
If I run from the shell I use -n `hostname -s`

Something like this:

nqmdiscovery -n `hostname -s` -p oracle\$MyDatabase MyUser 1 MyPassword
'' ''
nqmdiscovery -n `hostname -s` -p 'oracle$MyDatabase' MyUser 1 MyPassword
'' ''

The '' '' are 2 sets of single quotes. I seem to recall something saying
that all values had to be given even if they were, er, nothing.


--
kgorman1
------------------------------------------------------------------------
kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: nqmdiscovery -p to add oracle users to security manager?


When looking at the log, I see the above generates some XML.
I'd like to use CreateEvent to do the same (using some XML like
discovery scripts) rather than ExecCmd to run the binary.
Why you ask?
Maybe it's my test system, but I find that running nqmdiscovery from
within a KS causes the agent to die.
Similarly, running the oracle config script restarts the agent, which
restarts the KS, which restarts the agent; infinite loop.

The idea is to have a KS that configures oracle.netiq and then runs the
oracle discovery script to discover Oracle instances. The script I've
created works, but it's a bit clumsy.

The sequence of events is:
update security manager for each new instance
run the oracle config script (Needed when the 1st instance is
discovered. Restarts the agent)
write a new oracle.netiq
run the Oracle discovery script

As I mentioned, any or all of these may cause the agent to exit, and
sometimes dump core. Since the default number of core files seems to be
2, after which the agent won't start, so reliability is a problem.

Any suggestions?


--
kgorman1
------------------------------------------------------------------------
kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: nqmdiscovery -p to add oracle users to security manager?


Nice. You can edit, but not save after a few minutes so what was typed
gets lost. 🙂

Anyway, I made a KS to send XML (snagged from the agent log after
running nqmdiscovery) via CreateEvent but suspect the parameters are
incorrect.

BTW, I also got the syntax down for the Weblogic nqmdiscovery long ago.


Thanks!


--
kgorman1
------------------------------------------------------------------------
kgorman1's Profile: https://forums.netiq.com/member.php?userid=5108
View this thread: https://forums.netiq.com/showthread.php?t=47870

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.