Creating users on an external LDAP server
If you installed with LDAP mode:proxy, mandatory LDAP Organization Units, Users, and Groups entries must be created in the target LDAP server, which is used by the Netcool® Operations Insight® on Red Hat® OpenShift® deployment. If you installed with LDAP mode:standalone, the mandatory entries are created for you with default values.
If the mandatory LDAP entries are missing or wrong, some pods do not start correctly. For instance, the bind DN is case sensitive, and a mismatch can cause deployment failure during password verification. The recommended LDAP entries (Users, Groups, and Roles) improve the organization of entities in a deployment. Absence of these recommended LDAP entries does not cause deployment failures. However, if the recommended LDAP Users are not created, you cannot log in with those users. Before deploying the offering, the LDAP server administrator must provide a base Distinguished Name (DN) value for the destination LDAP server. Review and create the mandatory and recommended LDAP entries at the base DN as needed.
All LDAP entries are described in the following sections along with their DN and requirement status. In all cases, the LDAP_SUFFIX placeholder must be replaced with the base DN value that is provided by the LDAP administrator.
Organizational Units
Unit name | Distinguished Name | Requirement |
---|---|---|
groups | ou=groups,LDAP_SUFFIX | Required |
users | ou=users,LDAP_SUFFIX | Required |
Example LDIF to create organizational units
In all LDIF examples, LDAP_SUFFIX is replaced with dc=myldap,dc=org.

```ldif
dn: ou=groups,dc=myldap,dc=org
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: ou=users,dc=myldap,dc=org
objectClass: organizationalUnit
objectClass: top
ou: users
```
Users
User Name | Distinguished Name | Requirement |
---|---|---|
icpadmin | uid=icpadmin,ou=users,LDAP_SUFFIX | Recommended |
icpuser | uid=icpuser,ou=users,LDAP_SUFFIX | Recommended |
impactadmin | uid=impactadmin,ou=users,LDAP_SUFFIX | Required |
Example LDIF for creating users
```ldif
# userPassword uses a single colon (plain-text value). In LDIF a double
# colon (::) marks the value as base64-encoded, so "password" would be
# decoded into different bytes. Replace the sample password before loading.
dn: uid=icpuser,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ICP User
uid: icpuser
givenName: ICP User
sn: icpuser
userPassword: password

dn: uid=icpadmin,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ICP Admin
uid: icpadmin
givenName: ICP Admin
sn: icpadmin
userPassword: password

dn: uid=impactadmin,ou=users,dc=myldap,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Impact Admin User
uid: impactadmin
givenName: Impact Admin User
sn: impactadmin
userPassword: password
```
Groups
Group name | Distinguished Names | Members | Requirement |
---|---|---|---|
icpadmins | cn=icpadmins,ou=groups,LDAP_SUFFIX | icpadmin | Recommended |
icpusers | cn=icpusers,ou=groups,LDAP_SUFFIX | icpadmin,icpuser | Recommended |
impactadmins | cn=impactadmins,ou=groups,LDAP_SUFFIX | impactadmin | Recommended |
Example LDIF for creating groups
```ldif
dn: cn=icpadmins,ou=groups,dc=myldap,dc=org
cn: icpadmins
owner: uid=icpadmin,ou=users,dc=myldap,dc=org
description: ICP Admins group
objectClass: groupOfNames
member: uid=icpadmin,ou=users,dc=myldap,dc=org

dn: cn=icpusers,ou=groups,dc=myldap,dc=org
cn: icpusers
owner: uid=icpuser,ou=users,dc=myldap,dc=org
description: ICP Users group
objectClass: groupOfNames
member: uid=icpuser,ou=users,dc=myldap,dc=org
member: uid=icpadmin,ou=users,dc=myldap,dc=org
```
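A pre-load check for an LDIF file against the tables above, as an added example that is not part of the product documentation: it reports missing Required entries, DNs that differ from the expected value only in case, and group members with no matching entry. The function names and the sample LDIF are constructed for illustration, and the parser assumes unfolded LDIF lines.

```python
import base64

# Entries marked "Required" in the tables above, relative to LDAP_SUFFIX.
REQUIRED = ["ou=groups", "ou=users", "uid=impactadmin,ou=users"]

def parse_ldif(text):
    """Parse simple LDIF (no line folding) into {dn: [(attr, value), ...]}."""
    entries, dn = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            dn = None                      # a blank line ends the current entry
        if not line or line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):           # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
            entries[dn] = []
        elif dn is not None:
            entries[dn].append((attr, value))
    return entries

def check_entries(entries, suffix):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    by_lower = {dn.lower(): dn for dn in entries}
    for rdn in REQUIRED:
        want = f"{rdn},{suffix}"
        if want in entries:
            continue
        found = by_lower.get(want.lower())  # same DN, different case?
        problems.append(f"case mismatch: {found} (expected {want})" if found
                        else f"missing required entry: {want}")
    for dn, attrs in entries.items():
        for attr, value in attrs:
            if attr.lower() == "member" and value not in entries:
                problems.append(f"{dn}: member {value} is not defined")
    return problems

# Constructed sample: wrong-case users OU, no impactadmin user, dangling member.
SAMPLE = """dn: ou=groups,dc=myldap,dc=org
ou: groups

dn: ou=Users,dc=myldap,dc=org
ou: Users

dn: cn=impactadmins,ou=groups,dc=myldap,dc=org
member: uid=impactadmin,ou=users,dc=myldap,dc=org
"""
```

Calling `check_entries(parse_ldif(SAMPLE), "dc=myldap,dc=org")` returns three problems for the constructed sample; members that already exist on the target server but are not in the file are also reported as undefined.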