Steps to create AD Users and configure the UIM LDAP integration with AD server and configure AD user to login to Infrastructure Manager.
Article ID: 45039
Updated On:
Products
Issue/Introduction
This document can be used to create new users in AD server and configure LDAP integration on UIM with AD server. Also explains steps to configure the user to login to Infrastructure manager.
Environment
UIM: 8.0 and above
UIM 20.3 / 20.4
Resolution
Creating NEW User in AD for UIM LDAP Integration.
Open the “Server Manager” in Windows server and Expand Active Directory domain services and Right click on “Users” and go to “New” and click on “User”
Give the Display Name and required user name and click on “Next”.
Click on “Finish”.
(Optional) Create a NEW Group if required.
Add the user to group. Right click on username and click on “Add to a group”.
Verify the user have been added to group. Right click on username and click on “Properties”.
Integrate UIM and LDAP.
Open Hub configuration and click on Settings.
Go to “LDAP” tab and give AD server IP address and then click on “Lookup”. It would list “Group Container (DN)” and “User Container (DN)” if the lookup is successful.
Select “Authentication sequence” as LDAP->Nimsoft
Provide the AD user created. Note that sometimes it may requires domain need to mention (domain\username).
Click on “Test”. Test connection should be successful.
Create an ACL for AD user to access UIM.
You can create Access Control Lists (ACLs) and can associate them with specific LDAP groups. The users in the LDAP group are then assigned the privileges for the associated ACL. For example, if an LDAP user logs in to a DX UIM component, the request is directed to the LDAP server for authentication. If the user name is found in a group that is attached to an ACL, the user is assigned privileges as defined in the ACL. If the user belongs to multiple groups, privileges are assigned from the ACL with the most extended privileges.
NOTE: LDAP users must be direct members of the group that you are connecting to an ACL. DX UIM does not support the use of Nested or Role Based groups. Bus users should not share an ACL with LDAP users, or bus users will inherit LDAP accounts..
Follow these steps:
In Infrastructure Manager, select Security > Manage Access Control List.
To create an ACL:
1. Click New under Access Control List.
2. Name the new ACL, then select an ACL (if any exist) to copy its settings. Click OK.
3. Select the desired options in the Permissions area.
To associate a group with an ACL:
1. Select the new or existing ACL.
2. Click Set LDAP Group. All groups in the container are listed.
3. Select a group and click OK.
4. Click OK in the Manage Access Control List dialog.
The new setting is active. To verify the configuration, start Infrastructure Manager and log in as an LDAP user who is not a CA Unified Infrastructure Management user. Verify that you have the appropriate privileges and can access the expected contents.
Additional Information
Step by step guide to setup AD on Windows Server 2008:
http://www.rebeladmin.com/2011/03/step-by-step-guide-to-setup-active-directory-windows-server-2008/
Here is the link having detailed documentation about ad_server probe and configuration settings and metrics can be monitored by ad_server probe. Please go through the prerequisites before proceeding with probe deployment:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/ad-server-active-directory-server-monitoring/ad-server-active-directory-server-monitoring-release-notes.html-probes/en/alphabetical-probe-articles/ad_server-active-directory-server-monitoring
Feedback
