Configuring Netcool Configuration Manager

This task describes how to configure Netcool Configuration Manager to use Active Directory authentication.

Procedure

  1. Launch the WebSphere Administrative Console:
    http://<ncmserver-hostname-ip>:18100/ibm/console
  2. Log in using the Netcool Configuration Manager superuser name ('Intelliden') and password that was specified during installation.
  3. Click Security > Global security
  4. In the User account repository section, select Federated repositories from the Available realm definitions menu, and click Configure.
  5. Enter a name in the Realm Name field.
    Note: You can use the default value (defaultWIMFileBasedRealm).
  6. Enter Intelliden in the Primary administrative user name field, and click Apply.
  7. Enter the Intelliden user password created in step 4 of Creating organization units in the Password and Confirm password fields, click OK, and then click Save directly to the master configuration.
  8. Select Manage Repositories and click Add.
  9. Select Microsoft Windows Active Directory from the Directory type menu, and define the following details:
    Repository identifier
    Enter a value, for example AD
    Primary host name
    Enter the host name of the Active Directory server.
    Port
    Enter the port number of the Active Directory server.
    Bind distinguished name
    Enter the bind distinguished name, for example:
    cn=Intelliden,ou=itncmusers,dc=itncm,dc=local
    Bind password
    Enter the bind password. If the Intelliden user is the bind user, use the password created in step 4 of Creating organization units.
  10. Click Apply, then click Save directly to the master configuration.
  11. Click Security > Global security.
  12. In the User account repository section, select Federated repositories from the Available realm definitions menu, and click Configure.
  13. Click Add Base entry to Realm, and then select the Active Directory repository identifier from the Repository menu.
  14. Define the following distinguished names:
    Base entry that uniquely identifies this set of entries in the realm field
    Enter the distinguished name, for example:
    dc=itncm,dc=local
    Base entry in this repository field
    Enter the distinguished name, for example:
    dc=itncm,dc=local
  15. Click Apply, then click Save directly to the master configuration.
  16. Click Security > Global security.
  17. In the User account repository section, select Federated repositories from the Available realm definitions menu, and click Configure.
  18. In the Repositories in the realm table, select the repository whose identifier is InternalFileRepository.
  19. Click Remove, then click Save directly to the master configuration.
  20. Click Security > Global security.
  21. In the User account repository section, select Federated repositories from the Available realm definitions menu, and click Set as current.
  22. Click Apply, then click Save directly to the master configuration.
  23. If the Active Directory groups were named IntellidenUser and IntellidenAdminUser, go to step 24, otherwise proceed to Configuring Netcool Configuration Manager roles.
  24. Log out of the WebSphere Administrative Console, and restart Netcool Configuration Manager:
    <itncm_install_dir>/bin/./itncm.sh restart
    Note: Use the Intelliden user password that was specified during installation.

What to do next

Once Netcool Configuration Manager has restarted, the Intelliden user password will become what you provided for the Intelliden user in Active Directory.

Remember: Existing Netcool Configuration Manager users must be created in Active Directory. New users must be created in both Netcool Configuration Manager and Active Directory. In all cases the user password is the password that is provided in Active Directory.
Note: If the user tries to restore the previous configuration of WebSphere while using AD authentication, it is advisable to take system backup. The backup can be used if in case configuration restore action corrupts the deployment. Refer to WebSphere documentation on how to disable Global Security, revert to the Standalone custom registry, then re-enable Global Security before taking backup.

When backing up WebSphere, it is strongly recommended not to use backupConfig.sh or restoreConfig.sh scripts for performing backup and restore procedure on Jazz. For more information, refer to Can JazzSM server be backup and restore using these scripts-backupConfig.sh and restoreConfig.sh? tech note.