LDAP MS Active Directory settings
Learn about LDAP MS Active Directory settings for Netcool® Operations Insight® on Red Hat® OpenShift®.
LDAP repository settings
LDAP_REPOSITORY_ID (Default: ICP_LDAP)
EXT_LDAP: External LDAP
LDAP_SERVERTYPE (Default: "CUSTOM") or one of the following LDAP server types
AD for Microsoft Active Directory
ADAM for Microsoft Active Directory Lightweight Directory Services
DOMINO for IBM Lotus Domino
IDS for IBM Tivoli Directory Server
ZOSDS for IBM Tivoli Directory Server for z/OS
NDS for Novell eDirectory
SUNONE for Oracle Directory Server or Sun ONE Directory Server
LDAP_SERVICE_NAME (Default: ldapservice)
LDAP_SERVICE_PORT (Default: 3389)
Distinguished Name (DN) format settings
LDAP_USERFILTER (Default: "uid=%s,ou=users")
LDAP_GROUPFILTER (Default: "cn=%s,ou=groups") - filter in DN format and may contains spaces
LDAP_BASE_DN (Default: "dc=mycluster,dc=icp")
LDAP_BIND_DN (Default: "cn=admin,dc=mycluster,dc=icp")
Note: Multiple values must be entered as a comma-separated list of terms. If any term contains
spaces, use single quotation marks (') for the whole string, not for individual terms.
Context pool in updateIdMgrLDAPContextPool
LDAP_CONTEXT_POOL (Default: true)
false: disable context pool for WebGUI pod
For more information, see Impact login fails after MS Active Directory connection.Allow operations in updateIdMgrRealm
ALLOW_OPERATION_IF_REPOSDOWN (Default: true)
true - allow WAS Administrator to operate when LDAP in the federated repository is down
LDAP passwords verification
LDAP_VERIFY_PASSWORDS (Default: true)
false: skip verifying passwords for bindDN and impactadmin
Search filters in addIdMgrLDAPEntityType
and
updateIdMgrLDAPEntityType
LDAP_USER_OBJECTCLASSES (Default: "inetOrgPerson")
LDAP_USER_SEARCH_BASES (Default: empty)
LDAP_USER_SEARCH_FILTER (Default: empty)
"(objectClass=user)" - Use this value for all users, if no users are found by default with AD
"(|(objectClass=person)(objectClass=user))" - Example to filter users in for person or user with AD
LDAP_GROUP_OBJECTCLASSES (Default: "groupOfNames;")
LDAP_GROUP_SEARCH_BASES (Default: empty)
LDAP_GROUP_SEARCH_FILTER (Default: empty)
"(objectClass=groups)" - Use this value for all groups, if no groups are found by default with AD
"(&(ObjectCategory=Group)(|(CN=icp*)(CN=impact*)))" - Example to filter for groups that begins with icp or impact with AD
updateIdMgrSupportedEntityType
settings
LDAP_SUFFIX (Default: "dc=mycluster,dc=icp")
LDAP_USER_PARENT (Default: "ou=users"
2nd terms of LDAP_USERFILTER or manually set to 2nd to last terms.
LDAP_GROUP_PARENT (Default: "ou=groups")
2nd term of LDAP_GROUPFILTER) or manually set to 2nd to last terms.
Where:- Default parent for
"Group"
isLDAP_GROUP_PARENT,LDAP_SUFFIX
- Default parent for
"OrgContainer"
isLDAP_SUFFIX
- Default parent for
"PersonAccount"
isLDAP_USER_PARENT,LDAP_SUFFIX
LDAP DN settings
LDAP_IMPACTADMIN_DN (Default: "uid=impactadmin,ou=users,dc=mycluster,dc=icp" for impactadmin user)
LDAP_ICPADMINS_DN (Default: "cn=icpadmins,ou=groups,dc=mycluster,dc=icp" for icpadmins group)
LDAP_ICPUSERS_DN (Default: "cn=icpusers,ou=groups,dc=mycluster,dc=icp" for icpusers group)
LDAP_ICPADMIN_DN (Default: "uid=icpadmin,ou=users,dc=mycluster,dc=icp" for icpadmin user)
LDAP_ICPUSER_DN (Default: "uid=icpuser,ou=users,dc=mycluster,dc=icp" for icpuser user)