Creating users on an external LDAP server

If you installed with LDAP mode:proxy, mandatory LDAP Organization Units, Users, and Groups entries must be created in the target LDAP server, which is used by the Netcool® Operations Insight® on Red Hat® OpenShift® deployment. If you installed with LDAP mode:standalone, the mandatory entries are created for you with default values.

Note: Applicable to full cloud deployments only, not applicable to hybrid deployments.

If the mandatory LDAP entries are missing or wrong, then some pods do not start correctly. For instance, the bind DN is case sensitive, and a bind DN entered with the wrong case can cause deployment failure during password verification.

The recommended LDAP entries (Users, Groups, and Roles) improve the organization of entities in a deployment. Absence of these recommended LDAP entries does not cause deployment failures. However, if the recommended LDAP Users are not created, you cannot log in with those users.

Before deploying the offering, the LDAP server administrator must provide a base Distinguished Name (DN) value for the destination LDAP server. Review and create the mandatory and recommended LDAP entries at the base DN as needed.

All LDAP entries are described in the following sections along with their DN and requirement status. In all cases, the LDAP_SUFFIX placeholder must be replaced with the base DN value that is provided by the LDAP administrator.

Organizational Units

Unit name    Distinguished Name       Requirement
groups       ou=groups,LDAP_SUFFIX    Required
users        ou=users,LDAP_SUFFIX     Required

Example LDIF to create organizational units

In all LDIF examples, LDAP_SUFFIX is replaced with dc=myldap,dc=org.

dn: ou=groups,dc=myldap,dc=org
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=users,dc=myldap,dc=org
objectClass: organizationalUnit
objectClass: top
ou: users

Users

The installation does not create any users in LDAP, so these users must be created by administrators in LDAP before installing Netcool Operations Insight on Red Hat OpenShift.

User name      Distinguished Name                     Requirement
icpadmin       uid=icpadmin,ou=users,LDAP_SUFFIX      Recommended
icpuser        uid=icpuser,ou=users,LDAP_SUFFIX       Recommended
impactadmin    uid=impactadmin,ou=users,LDAP_SUFFIX   Required

Example LDIF for creating users

dn: uid=icpuser,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ICP User
uid: icpuser
givenName: ICP User
sn: icpuser
# Single colon: the value is literal text. A double colon (::) marks a base64-encoded value.
userPassword: password

dn: uid=icpadmin,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ICP Admin
uid: icpadmin
givenName: ICP Admin
sn: icpadmin
userPassword: password

dn: uid=impactadmin,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Impact Admin User
uid: impactadmin
givenName: Impact Admin User
sn: impactadmin
userPassword: password

Groups

Group name      Distinguished Name                      Members              Requirement
icpadmins       cn=icpadmins,ou=groups,LDAP_SUFFIX      icpadmin             Recommended
icpusers        cn=icpusers,ou=groups,LDAP_SUFFIX       icpadmin, icpuser    Recommended
impactadmins    cn=impactadmins,ou=groups,LDAP_SUFFIX   impactadmin          Recommended

Example LDIF for creating groups

dn: cn=icpadmins,ou=groups,dc=myldap,dc=org
cn: icpadmins
owner: uid=icpadmin,ou=users,dc=myldap,dc=org
description: ICP Admins group
objectClass: groupOfNames
member: uid=icpadmin,ou=users,dc=myldap,dc=org

dn: cn=icpusers,ou=groups,dc=myldap,dc=org
cn: icpusers
owner: uid=icpuser,ou=users,dc=myldap,dc=org
description: ICP Users group
objectClass: groupOfNames
member: uid=icpuser,ou=users,dc=myldap,dc=org
member: uid=icpadmin,ou=users,dc=myldap,dc=org
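
Because missing or wrongly cased mandatory entries stop some pods from starting, an LDIF file can be checked offline before it is loaded. The following is an added example, not code from the product or its documentation. Its function names, the constructed sample, and the choice to report any difference in DN case as a finding are assumptions, and it reads only unfolded, non-base64 LDIF lines.

```python
# Added example, not product code; every name below is hypothetical.
REQUIRED = ["ou=groups,{s}", "ou=users,{s}", "uid=impactadmin,ou=users,{s}"]
RECOMMENDED = ["uid=icpadmin,ou=users,{s}", "uid=icpuser,ou=users,{s}",
               "cn=icpadmins,ou=groups,{s}", "cn=icpusers,ou=groups,{s}",
               "cn=impactadmins,ou=groups,{s}"]
# Constructed sample, trimmed to the attributes the check reads.
SAMPLE = """\
dn: ou=groups,dc=myldap,dc=org

dn: ou=users,dc=myldap,dc=org

dn: uid=ImpactAdmin,ou=users,dc=myldap,dc=org

dn: cn=icpusers,ou=groups,dc=myldap,dc=org
member: uid=icpuser,ou=users,dc=myldap,dc=org
"""

def parse_ldif(text):
    """Return {dn: [(attr, value), ...]}; assumes unfolded, non-base64 lines."""
    entries, dn = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip()
            entries[dn] = []
        elif dn is not None:
            entries[dn].append((attr.lower(), value.strip()))
    return entries

def check(text, suffix):
    """List (level, dn, problem) findings; DNs are compared case-sensitively."""
    entries = parse_ldif(text)
    by_lower = {dn.lower(): dn for dn in entries}
    findings = []
    for level, templates in (("required", REQUIRED), ("recommended", RECOMMENDED)):
        for want in (t.format(s=suffix) for t in templates):
            if want not in entries:
                near = by_lower.get(want.lower())
                problem = f"case mismatch, found {near}" if near else "missing"
                findings.append((level, want, problem))
    for dn, attrs in entries.items():
        for attr, value in attrs:
            if attr in ("member", "owner") and value not in entries:
                findings.append(("reference", dn, f"{attr} {value} has no entry"))
    return findings

print(*check(SAMPLE, "dc=myldap,dc=org"), sep="\n")
```

A finding at the required level corresponds to the pod start failures described above. Recommended and reference findings point to logins or group memberships that will not work after deployment.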