Highlighted
Absent Member.. Absent Member..
Absent Member..
3657 views

HP uCMDB 10.0 integration issue with MS Active Directory

Hi Experts,

 

I was working on the integration between HP uCMDB 10.0 and MS Active Directory.  However I couldnot integrate the two products successfully.

 

I have put the LDAP server url in a form as stated in the example :-- ldap://<ldapHost>:<port>/<baseDN>??scope

 

My question is what does "scope" means?

 

Please share the info.

 

Regards,

Sanjeev

Tags (1)
0 Likes
6 Replies
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: HP uCMDB 10.0 integration issue with MS Active Directory

Hi,

The question not related to UCMDB.

Following was taken from http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html:

 

Query Components in a URL

With the exception of the DirContext.search() methods, when an LDAP or LDAPS URL is passed as a name to the initial context, the URL should not contain any query ('?') components. If it does, then an InvalidNameException is thrown by the LDAP service provider.

For the search() methods, if a URL contains query components, then all other arguments (including the filter and SearchControls) are ignored. The query components of the URL and its defaults are used instead. For example, if an LDAP URL containing a scope component is supplied, then that scope overrides any scope setting that is passed in an argument. If the URL contains other query components but not the scope, then the LDAP URL's default scope ("base object") is used.

Here is an example that performs a subtree search by using a filter of "(sn=Geisel)".

// Perform the search by using URL
NamingEnumeration answer = ctx.search(
	"ldap://localhost:389/ou=People,o=JNDITutorial??sub?(sn=Geisel)",
	"" /* ignored*/, 
        null /* ignored */);

If you won't sharing the details on forum, opening the support case will b ea shortest way to go.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: HP uCMDB 10.0 integration issue with MS Active Directory

Hi Dima, Thanks for the post.

 

I got stuck on the HP uCMDB and MSAD integration part. Followed the OTB example and configured HP uCMDB as shown below:

 

 

LDAP Server Url:--  ldap://<server_ip>:389/cn=Users,dc=domain,dc=com??scope

Groups Base DN:--  cn=Users,dc=domain,dc=com

Root groups base DN:-- cn=Users,dc=domain,dc=com

 

and left other fields as it is.

 

Now when I go to Security and click LDAP Mapping I am greeted with an error : LDAP is not configured correctly.

 

Please share your idea on this.

 

Thanks,

Sanjeev

 

 

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: HP uCMDB 10.0 integration issue with MS Active Directory

My suggestion is to start from installing Softerra LDAP Browser http://www.ldapbrowser.com/download.htm (or any other LDAP browser) on UCMDB server and try to connect with external tool using URL and credentials provided by your LDAP admin.

Whenever you'll have successful connection, this will work for you in UCMDB as well.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: HP uCMDB 10.0 integration issue with MS Active Directory

Hey thanks for the quick response.

 

I will download the LDAP Browser from the link posted by you and carry out the integration with the LDAP parameters.

 

Thanks,

Sanjeev

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: HP uCMDB 10.0 integration issue with MS Active Directory

Hello,

 

Here you can find a similar topic:

 http://h30499.www3.hp.com/t5/CMS-and-Discovery-Support-and/How-to-configure-LDAP-Integration-for-uCMDB-10-00/td-p/6004261

 

More, if ldap has to be configured using the SSL protocol (you mention security), below is an example.

 

If your AD accounts number is quite big, a more specific filter is needed as a query, when you want to map only specific AD security groups to uCMDB groups:

 

Example from the link above:

 

===

Users object class      user   
 
Is case-sensitivity enforced in LDAP authentication     false  
 
Groups member attribute member 
 
Distinguished Name (DN) Resolution      true   
 
Root Group Filter       (&(objectClass=group)(CN=*))   
 
LDAP connection string  ldaps://ldaps.dd.dd.ca:3269/??sub     
 
LDAP Search User        cn=srv.opsware.ad,OU=Tools and Automation,OU=ddt Users,dc=dd,dc=dd,dc=dd,dc=dd,dc=ca      
 
Group class object      group  
 
Use bottom up algorithm for find parent groups  false  
 
UUID attribute  sAMAccountName 
 
Groups name attribute   name   
 
Group Base Filter       (&(objectClass=group)(CN=*))   
 
Users filter   (&(sAMAccountName=*)(objectClass=user)(sAMAccountType=805306368)(memberof=CN=ALL_UCMDB_USERS,OU=UCMDB,OU=Tools and Automation,OU=ddt Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca))
 
Search Retries Count    5      
 
Groups display name attribute   name   
 
Root groups scope       sub    
 
User display name attribute     sAMAccountName 
 
Scope for groups search sub   
 
Enable LDAP authentication      true   
 
Enable LDAP synchronization     true   
 
Root Group      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca Group
 
Base      OU=UCMDB,OU=Tools\20and\20Automation,OU=ddt\20Users,DC=dd,DC=dd,DC=dd,DC=dd,DC=ca 

 ===

 

 

Another useful free ldap browser is the Apache Directory Studio:

http://directory.apache.org/studio/

 

 

HTH,

 

Konstantin

Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: HP uCMDB 10.0 integration issue with MS Active Directory

Thanks guys, for the reply

 

But seems like I am missing some steps or doing it wrong. Still stuck with the issue. May be I have to raise a ticket with HP Support for this.

 

Thanks,

Sanjeev

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.