Configuring connection to a directory server
To use LDAP for authentication of License Metric Tool users, you must first configure a connection to the directory server.
You must have the Manage Directory Servers permission to perform this task.
Before you begin
- In the top navigation bar, click .
- To create an LDAP connection, click New.
- Enter a name for the new directory service.
- From the LDAP server list, select the type of your LDAP server. If your LDAP server
values are different from the defaults, select Other and enter the values of
filters and attributes of your LDAP server. Important: The default values might need to be modified in particular for openLDAP servers due to various implementations of openLDAP.
- In the Search Base field, define the location in the directory from which the LDAP search begins.
- If your directory server uses Secure Socket Layer protocol, select SSL.
- If your server requires authentication, clear Anonymous Bind and
provide the name and password for the user whose credentials are to be used for connecting to the
Tip: If you selected Microsoft Active Directory, provide the user name as Active Directory logon name or User Principal Name, for example
email@example.com. Do not specify the user name in the following way:
you want roles of users in License Metric Tool
to be based on the assignment of the user to the directory server group, select Inherit
Role From User Provisioning. In this case, user roles are updated during every log in of
the user to License Metric Tool. Note: The setting applies only to user roles. Assignment of users to computer groups in License Metric Tool is not inherited from directory servers. To change the computer group to which a user has access in License Metric Tool, edit the user on the panel.
- In the Host field, provide the host name or IP address of your primary LDAP server.
- Accept the default port value or provide a new one.
- Optional: To add a backup server, click add backup server. Then, provide host name or IP address and the port number of the backup server.
- To verify whether all of the provided entries are valid, click Test Connection.
- Click Create.
If SSL is enabled and the CA certificate is not found in the License Metric Tool server local truststore (cacerts file), one of the following two messages is displayed.
What to do next
- A warning is displayed to confirm that you want to make an unknown certificate trusted by the License Metric Tool server and proceed. To make the certificate trusted, select Trust Certificate, and then click Create. In case of application update 9.2.31 and earlier, if the subsequent connection test generates the certificate warning with a different fingerprint value, it is probably due to issues with load balancing or multiple domain controllers. For more information, see: Configuring a directory server with load balancer or multiple domain controllers.
- An error message with information about the reason why the problem with SSL occurred. For example, that the certificate is expired or that it was revoked. You can resolve the problem or you can disable certificate validation by clearing the Certificate validation check box. If you disable certificate validation, the License Metric Tool server is not able to fully verify connection to the LDAP server.