This task describes how to configure Netcool Configuration
Manager to use Active
Directory authentication.
Procedure
-
Launch the WebSphere Administrative Console:
http://<ncmserver-hostname-ip>:18100/ibm/console
-
Log in using the Netcool Configuration
Manager superuser name
('Intelliden') and password that was specified during installation.
-
Click
-
In the User account repository section, select Federated repositories
from the Available realm definitions menu, and click Configure.
-
Enter a name in the Realm Name field.
Note: You can use the default value (defaultWIMFileBasedRealm).
-
Enter Intelliden in the Primary administrative user name field, and
click Apply.
-
Enter the Intelliden user password created in step 4 of Creating organization units in the Password and Confirm password fields, click
OK, and then click Save directly to the master
configuration.
-
Select Manage Repositories and click Add.
-
Select Microsoft Windows Active Directory from the Directory type menu,
and define the following details:
- Repository identifier
- Enter a value, for example AD
- Primary host name
- Enter the host name of the Active Directory server.
- Port
- Enter the port number of the Active Directory server.
- Bind distinguished name
- Enter the bind distinguished name, for
example:
cn=Intelliden,ou=itncmusers,dc=itncm,dc=local
- Bind password
- Enter the bind password. If the Intelliden user is the bind user, use the password created in
step 4 of Creating organization units.
-
Click Apply, then click Save directly to the master
configuration.
-
Click .
-
In the User account repository section, select Federated repositories
from the Available realm definitions menu, and click Configure.
-
Click Add Base entry to Realm, and then select the Active
Directory repository identifier from the Repository menu.
-
Define the following distinguished names:
- Base entry that uniquely identifies this set of entries in the realm field
- Enter the distinguished name, for example:
dc=itncm,dc=local
- Base entry in this repository field
- Enter the distinguished name, for example:
dc=itncm,dc=local
-
Click Apply, then click Save directly to the master
configuration.
-
Click .
-
In the User account repository section, select Federated repositories
from the Available realm definitions menu, and click Configure.
-
In the Repositories in the realm table, select the repository whose identifier is
InternalFileRepository.
-
Click Remove, then click Save directly to the master
configuration.
-
Click .
-
In the User account repository section, select Federated repositories
from the Available realm definitions menu, and click Set as current.
-
Click Apply, then click Save directly to the master
configuration.
-
If the Active Directory groups were named
IntellidenUser
and
IntellidenAdminUser
, go to step 24, otherwise proceed to Configuring Netcool Configuration Manager roles.
-
Log out of the WebSphere Administrative Console, and restart Netcool Configuration
Manager:
<itncm_install_dir>/bin/./itncm.sh restart
Note: Use the Intelliden user password that was specified during installation.
What to do next
Once Netcool Configuration
Manager has
restarted, the Intelliden user password will become what you provided for the Intelliden user in
Active Directory.
Remember: Existing Netcool Configuration
Manager users must be created
in Active Directory. New users must be created in both Netcool Configuration
Manager and Active Directory.
In all cases the user password is the password that is provided in Active Directory.
Note: If the user tries to restore the previous configuration of WebSphere while using AD
authentication, it is advisable to take system backup. The backup can be used if in case
configuration restore action corrupts the deployment. Refer to WebSphere documentation on how to
disable Global Security, revert to the Standalone custom registry, then re-enable Global Security
before taking backup.
When backing up WebSphere, it is strongly recommended not to use
backupConfig.sh
or restoreConfig.sh
scripts for performing backup
and restore procedure on Jazz. For more information, refer to Can JazzSM server be backup and restore using these
scripts-backupConfig.sh and restoreConfig.sh? tech note.