To use LDAP for authentication of License Metric Tool users, you must first configure a connection to the directory server.
Before you begin
You must have the Manage Directory Servers permission to perform
this task.
Procedure
- In the top navigation bar, click .
- To create an LDAP connection, click New.
- Enter a name for the new directory service.
- From the LDAP server list, select the type of your LDAP server. If the values for your LDAP
server differ from the defaults, select Other and enter the filters and attributes of
your LDAP server.
Important: The default values might need to be modified, in particular for OpenLDAP
servers, because OpenLDAP implementations vary.
- In the Search Base field, define the location in the directory from
which the LDAP search begins.
- If your directory server uses the Secure Sockets Layer (SSL) protocol, select
SSL.
- If your server requires authentication, clear Anonymous Bind and
provide the name and password for the user whose credentials are to be used for connecting to the
directory server.
Tip: If you selected Microsoft Active Directory, provide the user name as the Active
Directory logon name or User Principal Name, for example username@domain.com. Do
not specify the user name in the following way: DOMAIN/username.
- If you want the roles of users in License Metric Tool to be based on the assignment of the
user to the directory server group, select Inherit Role From User Provisioning. In this
case, user roles are updated every time the user logs in to License Metric Tool.
Note: The setting applies only to user roles. Assignment of users to computer groups in License Metric Tool is not inherited from directory
servers. To change the computer group to which a user has access in License Metric Tool, edit the user on the
panel.
- In the Host field, provide the host name or IP address of your
primary LDAP server.
- Accept the default port value or provide a new one.
- Optional: To add a backup server, click add backup
server. Then, provide the host name or IP address and the port number of the backup
server.
- To verify whether all of the provided entries are valid, click Test
Connection.
- Click Create.
What to do next
If SSL is enabled and the CA certificate is not found in the License Metric Tool server local truststore (cacerts
file), one of the following two messages is displayed.
- A warning is displayed that asks you to confirm that you want the License Metric Tool
server to trust an unknown certificate and proceed. To make the
certificate trusted, select Trust Certificate, and then click
Create. In application update 9.2.31 and earlier, if the subsequent
connection test generates the certificate warning with a different fingerprint value, it is probably
due to issues with load balancing or multiple domain controllers. For more information, see: Configuring a directory server with load balancer or multiple domain controllers.
- An error message is displayed with information about why the problem with SSL occurred, for
example, that the certificate is expired or that it was revoked. You can resolve the problem, or
you can disable certificate validation by clearing the Certificate validation check box. If
you disable certificate validation, the License Metric Tool
server is not able to fully verify the connection to the LDAP server.
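Before you select Trust Certificate, you can compare the fingerprint in the warning with the certificate that each directory server actually presents. The following script is an added example, not part of License Metric Tool or its documentation. It assumes LDAPS on port 636 and a SHA-256 fingerprint (pass a different algorithm if the warning shows another one), and the function names are illustrative.

```python
import hashlib
import ssl
import sys


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated fingerprint of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so differently formatted fingerprints compare equal."""
    return "".join(c for c in fp if c.isalnum()).upper()


def fetch_der(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate the server presents, without validating it."""
    pem = ssl.get_server_certificate((host, port), timeout=timeout)
    return ssl.PEM_cert_to_DER_cert(pem)


def check(expected: str, observed: dict) -> dict:
    """Map each endpoint to True if its fingerprint equals the expected one."""
    want = normalize(expected)
    return {ep: normalize(fp) == want for ep, fp in observed.items()}


if __name__ == "__main__":
    # Usage: check_fp.py EXPECTED_FINGERPRINT host[:port] [host[:port] ...]
    # List the primary server, every backup server, and each domain controller
    # behind a load-balanced name, so that a mismatch points at a specific host.
    expected, endpoints = sys.argv[1], sys.argv[2:]
    observed = {}
    for ep in endpoints:
        host, _, port = ep.partition(":")
        observed[ep] = fingerprint(fetch_der(host, int(port or 636)))
    results = check(expected, observed)
    for ep, ok in results.items():
        print(f"{'MATCH   ' if ok else 'MISMATCH'} {ep} {observed[ep]}")
    sys.exit(0 if results and all(results.values()) else 1)
```

Obtain the expected fingerprint from the directory server administrator rather than from the same network connection. A nonzero exit code means that at least one endpoint presented a certificate other than the expected one.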