Configuring Netcool Operations Insight on Red Hat OpenShift with LDAP MS Active Directory
Learn how to configure Netcool® Operations Insight® on Red Hat® OpenShift® with LDAP MS Active Directory.
Before you begin
If you upgraded to version 1.6.10 and applied the
Login fails after MS Active Directory connection workaround in
the version 1.6.7 documentation, complete the following steps to undo the workaround.
- Edit the
<release_name>-webgui-user-scripts
ConfigSpec by running the following command:oc edit cm <release_name>-webgui-user-scripts
- Remove the following lines from under the
data
section:set-ad-config.py: | AdminTask.updateIdMgrLDAPContextPool ('[-id ICP_LDAP -enabled false]') AdminConfig.save()
- Edit the
<release_name>-webgui-startup-scripts
ConfigSpec by running the following command:oc edit cm <release_name>-webgui-startup-scripts
- Remove the following lines from under the
data
section:pre-server-start: | # # Pre server startup script # echo "Running pre-server startup custom scripts" /home/netcool/app/was/bin/wsadmin.sh -user smadmin -password ${WAS_PASSWORD} -conntype NONE -lang jython -f ${USER_SCRIPTS_DIRECTORY}/set-ad-config.py
- Restart the webgui
pod:
oc delete pod <release_name>-webgui-0
- Proceed to update the webgui statefulset.
Procedure
To configure Netcool Operations Insight on Red Hat OpenShift with LDAP
Microsoft Active Directory, update the webgui statefulset.
- Change the default LDAP configuration from using the default LDAP server to using an external
LDAP server. When you install Netcool Operations Insight on Red Hat OpenShift, select
LDAP mode:proxy
in the LDAP section of the YAML file. Configure the external LDAP settings, as in the following example.
Then, edit the LDAP proxy configmap file. To configure connections to your LDAP server, add the trusted certificate in the openldap pod. For more information, see LDAP Proxy configmap.ldap: port: '389' mode: proxy userFilter: CN=%s bindDN: 'CN=Administrator,CN=Users,DC=netcool,DC=local' sslPort: '636' url: 'ldap://ldap server :389' suffix: 'CN=Users,DC=netcool,DC=local' groupFilter: CN=%s baseDN: 'CN=Users,DC=netcool,DC=local' storageSize: 1Gi serverType: AD
- Run the following command to edit the webgui
statefulset:
oc edit sts <release_name>-webgui
- Add the following code to the webgui statefulset:
- name LDAP_CONTEXT_POOL value: "false"
What to do next
Also enable contextPool
on the Impact pods. For more information, see Impact login fails after MS Active Directory connection.