Highlighted
Absent Member.
Absent Member.
235 views

Report on which credentials are used to discover each host

Jump to solution

We have 10K systems in discovery and are updating the credentials we use. I need to know if any 'old' credentials are still used to discover hosts so we can update them before deleting the credential.

* I know I can open an Agent CI and view the credential for the related host, but this won't work for thousands of hosts.

* I have made visible the "reference to credentials disctionary entry" in the agent CI type and this gets me part of the way there, but still only provides the index number used for discovery (like 18_1_CMS) and this is different for each probe system.

* Looking in the communication logs directory on a probe is not practicle because there are tens of thousands of files.

? Where is the index that would map 18_1_CMS to the actual login name used

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Report on which credentials are used to discover each host

Jump to solution

You could retrieve the info by runing JMX console -> Discovery Manager -> Method: exportCredentialsAndRangesInformation (customerId=1; fileName=Credentials.xml; isEncripted=False).

The files will be created in C:\hp\UCMDB\UCMDBServer\conf\discovery\customer_1\credentials.xml. If not encripted passwords will be excluded, but I think it wil work for you.

The file will contain following record for every credentials entry. "cm_credentials_id" field is what you are looking for:

<object id="ec04472486f0c54f58508dfd86ca49bc" id_type="CmdbObjectID" class="ldapprotocol" isReference="false" anchor_id="null" is_anchor="false">

  <attribute name="ldapprotocol_truststore" type="Unknown" />
  <attribute name="protocol_username" type="String">admin</attribute>
  <attribute name="protocol_netaddress" type="String">DEFAULT</attribute>
  <attribute name="protocol" type="String">LDAP</attribute>
  <attribute name="protocol_type" type="String">ldapprotocol</attribute>
  <attribute name="protocol_port" type="String">1544</attribute>
  <attribute name="cm_credential_id" type="String">9_1_CMS</attribute>
  <attribute name="user_label" type="String">LDAP Protocol Credential 1</attribute>
  <attribute name="protocol_timeout" type="String">5000</attribute>
  <attribute name="protocol_in_use" type="Boolean">false</attribute>
  <attribute name="protocol_index" type="Integer">1</attribute>
  <attribute name="ldapprotocol_authtype" type="String">Simple</attribute>
  </object>
 
Hope this helps.
Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

3 Replies
Highlighted
Absent Member.
Absent Member.

Re: Report on which credentials are used to discover each host

Jump to solution

Good day Sean,

 

Thank you for share this question.

 

As far as i know, the names XX_X_CMS cannot be related to a credential in an automatic or UI way.

 

I think what you can do is discover a new node, because the first time all the credentials are listed on the comm log, and then relate the XX_X_CMS names with the credential there. So, in this situation, you just need to check one file.

 

I hope this helps.

 

Best regards,

HC

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: Report on which credentials are used to discover each host

Jump to solution

You could retrieve the info by runing JMX console -> Discovery Manager -> Method: exportCredentialsAndRangesInformation (customerId=1; fileName=Credentials.xml; isEncripted=False).

The files will be created in C:\hp\UCMDB\UCMDBServer\conf\discovery\customer_1\credentials.xml. If not encripted passwords will be excluded, but I think it wil work for you.

The file will contain following record for every credentials entry. "cm_credentials_id" field is what you are looking for:

<object id="ec04472486f0c54f58508dfd86ca49bc" id_type="CmdbObjectID" class="ldapprotocol" isReference="false" anchor_id="null" is_anchor="false">

  <attribute name="ldapprotocol_truststore" type="Unknown" />
  <attribute name="protocol_username" type="String">admin</attribute>
  <attribute name="protocol_netaddress" type="String">DEFAULT</attribute>
  <attribute name="protocol" type="String">LDAP</attribute>
  <attribute name="protocol_type" type="String">ldapprotocol</attribute>
  <attribute name="protocol_port" type="String">1544</attribute>
  <attribute name="cm_credential_id" type="String">9_1_CMS</attribute>
  <attribute name="user_label" type="String">LDAP Protocol Credential 1</attribute>
  <attribute name="protocol_timeout" type="String">5000</attribute>
  <attribute name="protocol_in_use" type="Boolean">false</attribute>
  <attribute name="protocol_index" type="Integer">1</attribute>
  <attribute name="ldapprotocol_authtype" type="String">Simple</attribute>
  </object>
 
Hope this helps.
Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

Highlighted
Absent Member.
Absent Member.

Re: Report on which credentials are used to discover each host

Jump to solution

I knew it had to be accesible somehow. Thank you!!!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.