Configuring connection to a directory server

To use LDAP for authentication of License Metric Tool users, you must first configure a connection to the directory server.

Before you begin

You must have the Manage Directory Servers permission to perform this task.

Procedure

  1. In the top navigation bar, click Management > Directory Servers.
  2. To create an LDAP connection, click New.
  3. Enter a name for the new directory service.
  4. From the LDAP server list, select the type of your LDAP server. If your LDAP server values are different from the defaults, select Other and enter the values of filters and attributes of your LDAP server.
    Important: The default values might need to be modified, in particular for OpenLDAP servers, because OpenLDAP implementations vary.
  5. In the Search Base field, define the location in the directory from which the LDAP search begins.
  6. If your directory server uses the Secure Sockets Layer (SSL) protocol, select SSL.
  7. If your server requires authentication, clear Anonymous Bind and provide the name and password for the user whose credentials are to be used for connecting to the directory server.
    Tip: If you selected Microsoft Active Directory, provide the user name as an Active Directory logon name or a User Principal Name, for example username@domain.com. Do not specify the user name in the following way: DOMAIN/username.
  8. (application update 9.2.30) If you want the roles of users in License Metric Tool to be based on the assignment of the user to the directory server group, select Inherit Role From User Provisioning. In this case, user roles are updated each time the user logs in to License Metric Tool.
    Note: The setting applies only to user roles. Assignment of users to computer groups in License Metric Tool is not inherited from directory servers. To change the computer group to which a user has access in License Metric Tool, edit the user on the Management > Users panel.
  9. In the Host field, provide the host name or IP address of your primary LDAP server.
  10. Accept the default port value or provide a new one.
  11. Optional: To add a backup server, click add backup server. Then, provide the host name or IP address and the port number of the backup server.
  12. To verify whether all of the provided entries are valid, click Test Connection.
  13. Click Create.

What to do next

If SSL is enabled and the CA certificate is not found in the License Metric Tool server local truststore (cacerts file), one of the following two messages is displayed.
  • A warning is displayed to confirm that you want to make an unknown certificate trusted by the License Metric Tool server and proceed. To make the certificate trusted, select Trust Certificate, and then click Create. In application update 9.2.31 and earlier, if the subsequent connection test generates the certificate warning with a different fingerprint value, it is probably due to issues with load balancing or multiple domain controllers. For more information, see: Configuring a directory server with load balancer or multiple domain controllers.
  • (application update 9.2.32) An error message is displayed with information about the reason why the problem with SSL occurred, for example that the certificate is expired or that it was revoked. You can resolve the problem or you can disable certificate validation by clearing the Certificate validation check box. If you disable certificate validation, the License Metric Tool server is not able to fully verify connection to the LDAP server.
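
Before you select Trust Certificate, you can check whether every address behind the LDAP host name presents the same certificate, which is the usual cause of the changing fingerprint described above. The following script is an added example and not part of the product documentation; the host name ldap.example.com, port 636, and the SHA-256 colon-separated fingerprint format are assumptions.

```python
"""Compare the certificates presented by every address behind one LDAPS host name."""
import hashlib
import socket
import ssl
import sys
from collections import defaultdict


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def resolve_all(host: str, port: int) -> list[str]:
    """Every distinct IP address the name resolves to (for example, one per domain controller)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch_der_cert(ip: str, port: int, server_name: str, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate from one address. Validation is off on purpose:
    the certificate is only read for inspection, the connection is not trusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def group_by_fingerprint(certs: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each fingerprint to the addresses that presented it."""
    groups = defaultdict(list)
    for address, der in sorted(certs.items()):
        groups[fingerprint(der)].append(address)
    return dict(groups)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"  # placeholder name
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636  # assumed LDAPS port
    certs = {ip: fetch_der_cert(ip, port, host) for ip in resolve_all(host, port)}
    groups = group_by_fingerprint(certs)
    for fp, addresses in groups.items():
        print(fp, ", ".join(addresses))
    sys.exit(0 if len(groups) == 1 else 1)  # non-zero exit: certificates differ
```

More than one output line means the addresses present different certificates. A load balancer that hides its nodes behind a single address is not detected by this resolution-based check.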