LDAP MS Active Directory settings

Learn about LDAP MS Active Directory settings for Netcool® Operations Insight® on Red Hat® OpenShift®.

LDAP repository settings

LDAP_REPOSITORY_ID (Default: ICP_LDAP)
 EXT_LDAP: External LDAP

LDAP_SERVERTYPE (Default: "CUSTOM") or one of the following LDAP server types
 AD for Microsoft Active Directory
 ADAM for Microsoft Active Directory Lightweight Directory Services
 DOMINO for IBM Lotus Domino
 IDS for IBM Tivoli Directory Server
 ZOSDS for IBM Tivoli Directory Server for z/OS
 NDS for Novell eDirectory
 SUNONE for Oracle Directory Server or Sun ONE Directory Server

LDAP_SERVICE_NAME (Default: ldapservice)

LDAP_SERVICE_PORT (Default: 3389)

Distinguished Name (DN) format settings

LDAP_USERFILTER (Default: "uid=%s,ou=users") 

LDAP_GROUPFILTER (Default: "cn=%s,ou=groups") - the filter is in DN format and may contain spaces

LDAP_BASE_DN (Default: "dc=mycluster,dc=icp")

LDAP_BIND_DN (Default: "cn=admin,dc=mycluster,dc=icp")
Note: Multiple values must be entered as a comma-separated list of terms. If any term contains spaces, use single quotation marks (') for the whole string, not for individual terms.

Context pool in updateIdMgrLDAPContextPool

LDAP_CONTEXT_POOL (Default: true) 
 false: disable context pool for WebGUI pod
For more information, see Impact login fails after MS Active Directory connection.

Allow operations in updateIdMgrRealm

ALLOW_OPERATION_IF_REPOSDOWN (Default: true)
 true - allow WAS Administrator to operate when LDAP in the federated repository is down

LDAP password verification

LDAP_VERIFY_PASSWORDS (Default: true)
 false: skip verifying passwords for bindDN and impactadmin

Search filters in addIdMgrLDAPEntityType and updateIdMgrLDAPEntityType

LDAP_USER_OBJECTCLASSES (Default: "inetOrgPerson")

LDAP_USER_SEARCH_BASES (Default: empty)

LDAP_USER_SEARCH_FILTER (Default: empty)
  "(objectClass=user)" - Use this value to match all users if no users are found by default with AD
  "(|(objectClass=person)(objectClass=user))" - Example that matches users whose object class is person or user with AD

LDAP_GROUP_OBJECTCLASSES (Default: "groupOfNames;")

LDAP_GROUP_SEARCH_BASES (Default: empty)

LDAP_GROUP_SEARCH_FILTER (Default: empty)
  "(objectClass=groups)" - Use this value to match all groups if no groups are found by default with AD
  "(&(ObjectCategory=Group)(|(CN=icp*)(CN=impact*)))" - Example that matches groups whose names begin with icp or impact with AD

updateIdMgrSupportedEntityType settings

LDAP_SUFFIX (Default: "dc=mycluster,dc=icp")

LDAP_USER_PARENT (Default: "ou=users")
  The default is the 2nd term of LDAP_USERFILTER; or manually set to the 2nd to last terms.

LDAP_GROUP_PARENT (Default: "ou=groups")
  The default is the 2nd term of LDAP_GROUPFILTER; or manually set to the 2nd to last terms.
Where:
  • Default parent for "Group" is LDAP_GROUP_PARENT,LDAP_SUFFIX
  • Default parent for "OrgContainer" is LDAP_SUFFIX
  • Default parent for "PersonAccount" is LDAP_USER_PARENT,LDAP_SUFFIX
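
The following added example (not IBM's code) derives the parent values and default entity-type parents from the filters and suffix as described above, and checks whether a configured DN sits under the expected parent. It assumes "2nd to last terms" means the second through the last term; the helper names and the AD-style values are constructed for illustration.

```python
import re

def split_dn(dn):
    """Split a DN-format string into terms on unescaped commas ('\\,' stays in a term)."""
    return [t.strip() for t in re.findall(r'(?:\\.|[^,\\])+', dn) if t.strip()]

def parent_of(filter_dn):
    """Second through last terms of a DN-format filter: 'uid=%s,ou=users' -> 'ou=users'."""
    terms = split_dn(filter_dn)
    if len(terms) < 2:
        raise ValueError(f"no parent terms after the first in {filter_dn!r}")
    return ",".join(terms[1:])

def default_parents(userfilter, groupfilter, suffix):
    """Default parent DN per entity type, composed as the 'Where:' list states."""
    return {
        "Group": f"{parent_of(groupfilter)},{suffix}",
        "OrgContainer": suffix,
        "PersonAccount": f"{parent_of(userfilter)},{suffix}",
    }

def is_under(dn, parent):
    """True when dn lies below parent, comparing terms case-insensitively."""
    d = [t.lower() for t in split_dn(dn)]
    p = [t.lower() for t in split_dn(parent)]
    return len(d) > len(p) and d[-len(p):] == p

def quote_value(value):
    """Single-quote the whole string, not single terms, when any term has a space."""
    return f"'{value}'" if any(" " in t for t in split_dn(value)) else value

# Values taken from the defaults listed on this page.
DEFAULTS = default_parents("uid=%s,ou=users", "cn=%s,ou=groups", "dc=mycluster,dc=icp")
# Constructed AD-style values (assumptions, not from the page).
AD = default_parents("cn=%s,ou=NOI Users,ou=Accounts", "cn=%s,ou=NOI Groups",
                     "dc=example,dc=com")

if __name__ == "__main__":
    for label, parents in (("defaults", DEFAULTS), ("constructed AD", AD)):
        for entity, parent in parents.items():
            print(f"{label:15} {entity:14} {quote_value(parent)}")
    # Sanity check (an assumption, not a documented requirement): the admin
    # user DN should sit under the PersonAccount parent, as the defaults do.
    admin_dn = "uid=impactadmin,ou=users,dc=mycluster,dc=icp"
    print("impactadmin under PersonAccount parent:",
          is_under(admin_dn, DEFAULTS["PersonAccount"]))
```

A DN that fails the `is_under` check against the derived parent usually points to a filter, suffix, or DN setting that was changed without the others.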

LDAP DN settings

LDAP_IMPACTADMIN_DN (Default: "uid=impactadmin,ou=users,dc=mycluster,dc=icp" for impactadmin user)

LDAP_ICPADMINS_DN (Default: "cn=icpadmins,ou=groups,dc=mycluster,dc=icp" for icpadmins group)

LDAP_ICPUSERS_DN (Default: "cn=icpusers,ou=groups,dc=mycluster,dc=icp" for icpusers group)

LDAP_ICPADMIN_DN (Default: "uid=icpadmin,ou=users,dc=mycluster,dc=icp" for icpadmin user)

LDAP_ICPUSER_DN (Default: "uid=icpuser,ou=users,dc=mycluster,dc=icp" for icpuser user)