Configuring Netcool Operations Insight on Red Hat OpenShift with LDAP MS Active Directory

Learn how to configure Netcool® Operations Insight® on Red Hat® OpenShift® with LDAP MS Active Directory.

Before you begin

If you upgraded to version 1.6.10 and applied the "Login fails after MS Active Directory connection" workaround from the version 1.6.7 documentation, complete the following steps to undo the workaround.
  1. Edit the <release_name>-webgui-user-scripts ConfigMap by running the following command:
    oc edit cm <release_name>-webgui-user-scripts
  2. Remove the following lines from under the data section:
      set-ad-config.py: |
        AdminTask.updateIdMgrLDAPContextPool ('[-id ICP_LDAP -enabled false]')
    
        AdminConfig.save()
  3. Edit the <release_name>-webgui-startup-scripts ConfigMap by running the following command:
    oc edit cm <release_name>-webgui-startup-scripts
  4. Remove the following lines from under the data section:
      pre-server-start: |
        #
        # Pre server startup script
        #
        echo "Running pre-server startup custom scripts"
    
        /home/netcool/app/was/bin/wsadmin.sh -user smadmin -password ${WAS_PASSWORD}
        -conntype NONE -lang jython -f ${USER_SCRIPTS_DIRECTORY}/set-ad-config.py
  5. Restart the webgui pod:
    oc delete pod <release_name>-webgui-0
  6. Proceed to update the webgui statefulset.

Procedure

To configure Netcool Operations Insight on Red Hat OpenShift with LDAP Microsoft Active Directory, update the webgui statefulset.
  1. Change the LDAP configuration from the default LDAP server to an external LDAP server. When you install Netcool Operations Insight on Red Hat OpenShift, set mode: proxy in the ldap section of the YAML file, and configure the external LDAP settings as in the following example.
    
    ldap:
      port: '389'
      mode: proxy
      userFilter: CN=%s
      bindDN: 'CN=Administrator,CN=Users,DC=netcool,DC=local'
      sslPort: '636'
      url: 'ldap://ldap server :389'
      suffix: 'CN=Users,DC=netcool,DC=local'
      groupFilter: CN=%s
      baseDN: 'CN=Users,DC=netcool,DC=local'
      storageSize: 1Gi
      serverType: AD
    
    Then, edit the LDAP proxy configmap file. To configure connections to your LDAP server, add the trusted certificate in the openldap pod. For more information, see LDAP Proxy configmap.
  2. Run the following command to edit the webgui statefulset:
    oc edit sts <release_name>-webgui
  3. Add the following code to the webgui statefulset:
    - name: LDAP_CONTEXT_POOL
      value: "false"
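
The following Python check is an added example, not part of the product or of this documentation's own code: it reviews the ldap block from step 1 before installation. The host name ad.netcool.local and the functions parse_ldap_block and review_ldap are constructed for illustration; that url may use ldaps:// and that its port should agree with port or sslPort are assumptions about how these keys are interpreted.

```python
from urllib.parse import urlsplit

# Constructed sample: the values from step 1 with a made-up host name.
SAMPLE = """\
ldap:
  port: '389'
  mode: proxy
  userFilter: CN=%s
  bindDN: 'CN=Administrator,CN=Users,DC=netcool,DC=local'
  sslPort: '636'
  url: 'ldap://ad.netcool.local:389'
  suffix: 'CN=Users,DC=netcool,DC=local'
  groupFilter: CN=%s
  baseDN: 'CN=Users,DC=netcool,DC=local'
  serverType: AD
"""

def parse_ldap_block(text):
    """Read the flat 'key: value' lines nested under 'ldap:' (not a full YAML parser)."""
    values, inside = {}, False
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line.startswith((" ", "\t")):            # a top-level key
            inside = line.strip() == "ldap:"
            continue
        if inside:
            key, _, value = line.strip().partition(":")
            values[key.strip()] = value.strip().strip("'\"")
    return values

def review_ldap(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in ("ldap", "ldaps"):
        findings.append("url: scheme must be ldap:// or ldaps://")
    else:
        # Assumption: 'port' is the plain LDAP port, 'sslPort' the LDAPS port.
        expected = cfg.get("port" if url.scheme == "ldap" else "sslPort")
        if url.port is not None and str(url.port) != expected:
            findings.append(f"url: port {url.port} does not match configured {expected}")
    if url.scheme == "ldap":
        findings.append("url: ldap:// opens a plaintext connection")
    for key in ("userFilter", "groupFilter"):
        if cfg.get(key, "").count("%s") != 1:
            findings.append(f"{key}: needs exactly one %s placeholder")
    first_rdn = cfg.get("bindDN", "").split(",")[0]
    if first_rdn.strip().lower() == "cn=administrator":
        findings.append("bindDN: built-in Administrator is used as the bind account")
    return findings
```

Run against the sample, review_ldap(parse_ldap_block(SAMPLE)) reports the plaintext url and the Administrator bind account.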

What to do next

Also enable contextPool on the Impact pods. For more information, see Impact login fails after MS Active Directory connection.