ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Infrastructure Manager & UMP - Notes on using LDAP/AD for Authentication (screenName OR email address)


Article ID: 35074


Updated On:


NIMSOFT PROBES Unified Infrastructure Management for Mainframe DX Unified Infrastructure Management (Nimsoft / UIM)


Using screenName versus emailAddress for authentication to Infrastructure Manager and UMP. Information on using specific LDAP attributes is also included.


UIM/UMP 7.x or higher


IMPORTANT: UMP does not currently support mixed use of both 'screen name' and 'email address' for authentication. You must use one or the other. 

How to use specific LDAP attributes for Authentication to Infrastructure Manager and UMP - including how to control login type/format (short name/screenName versus emailAddress or vice versa) 

After hub v5.69, the hub was changed so that the filter_user key (edited through raw configuration) contains a dynamic value for $loginname. This was previously hard-coded at: userPrincipleName=$loginname, now, $attr_usr_id=$loginname. 

Therefore, the attr_usr_id (also modified through Raw Configuration) can be modified to any desired Active Directory attribute. 

This would then translate to the AD attribute users would use for authentication, when logging in to the hub (or UMP). 

To configure UIM to use a specific Active Directory attribute the user must configure the hub LDAP settings.


LDAP can be configured to use standard LDAP port 389, SSL 636, or the Global Catalog port 3269.

Selecting the “Use SSL” check box, the default LDAP SSL port of 636 is used, or the user can specify the port. Example: Server Name:

Once that setting has been applied, the hub will need to restart to reload the new configuration. After the restart, the user will need to login as administrator and use the Raw Configure option to complete the customization.

Open the hub probe in Raw Configure mode and set the attr_usr_id key to the desired Active Directory attribute.

attr_usr_id = <AD User Attribute> ie. userPrincipalName, mail, displayName

Verify that the filter user query is using the attr_usr_id variable.

filter_user = (&(objectClass=person)(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))

Once the OK button is clicked, the hub will automatically restart and UIM will be configured to use the new Active Directory attribute for login.


I. Configuring Active Directory integration in the hub probe so that customers can login with short name (screen name) for both Infrastructure Manager and UMP:

Using screen name for login 

First, to configure UMP to use 'screen name' for login, please follow the steps below:

This allows users to authenticate to both the Infrastructure Manager as well as UMP if UMP has been configured to use screen name for login.


This procedure gives you the choice of the login type you wish to use for UMP. Note also that customers/installations usually have UMP configured to use screenName already. Follow the steps below to change login type from emailAddress to screenName. 

1. Deactivate wasp

2. Change the variable in C:\Program Files\Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF\classes\ 




3. Check the contents of rows in the portletpreferences table using this query:

select * from portletpreferences where portletId='LIFERAY_PORTAL'; 

If the preferences column contains anything other than <portlet-preferences /> continue with step 4, otherwise continue with step 5.


4. Delete all of the rows from the table using this SQL statement: 

delete from PortletPreferences where portletId='LIFERAY_PORTAL'; 


5. Activate wasp

hub configuration

Now, open the hub probe Raw Configure by selecting the hub probe and holding down the SHIFT key and rt-click to select Raw Configure and: 

Find the key-value pair under the ldap->templates->Active Directory section

     format = [email protected]$domain

and change it to->

     format = $username

Apply the change.

Now try to login to both IM and UMP using the ‘short’ user name (screen name) to validate that its working as expected. Check the hub.log at loglevel 5 if there are any issues. 

II. Configuring Active Directory integration in the hub probe so that customers can login with email address for both Infrastructure Manager and UMP:

Using email address for login: 

1. Open the hub probe in Raw Configure mode and add or change the existing 'out of the box' defaults for the following settings to: 



2. Deactivate the wasp probe

3. Edit the UMP file


-> Change the value of the parameter to

4. Remove all instances of the screenName parameter from the portalpreferences table in the UIM backend database

Run the following query:

select * from portalpreferences where preferences like ‘%screenName%’ 

If there are no rows in the preferences column that contain the screenName parameter, go to step 5 below.

Issue the following command to delete all rows that contain screenName from the table: 

delete from portalpreferences where preferences like ‘%screenName%’

5. Activate wasp

Now try to login to both IM and UMP using the ‘short’ user name (screen name) to validate that its working as expected. Check the hub.log at loglevel 5 if there are any issues.


1569433553220__LDAP Auth to IM and UMP.pdf get_app