To save time, you can map multiple LDAP users in Log Analysis with the LDAP
bulk upload utility.
Before you begin
Note: When LDAP is configured, a user that does not yet exist in Log Analysis is created automatically after successful authentication. You can still use the bulkload utility to load multiple users.
Ensure that LDAP for Log Analysis is configured.
Ensure that an administrative user exists in Log Analysis. In most cases, this user is unityadmin.
Ensure that the LDAP groups are mapped to the security role in Log Analysis. For more information, see Mapping LDAP groups to the security role.
About this task
You can find sample files in the <HOME>/IBM/LogAnalysis/utilities/bulkload directory.
After you complete this task, the script logs events in the loadldapusers.log file.
The user and role names must use 4 - 30 characters. The role name cannot contain numerals or
special characters.
If a user or role already exists, the utility does not create it again and continues creating
the other users and roles that are specified in the file.
Procedure
- Create a JSON or properties file that lists the users and roles that you want to register with Log Analysis.
The format for the properties file is as follows:
roles = <role1>, <role2>
users = <user1>;<role1>,\
        <user2>;<role1>;<role2>
For example:
roles = operations, expert
users = user1@example.org;operations,\
        user2@example.org;operations;expert
The JSON file must contain a list of roles and a JSON object for each user, which specifies the roles that are assigned to the user. For example:
{
  "roles": [
    {"name": "operations", "displayName": "ops user", "description": "operations user role"},
    {"name": "expert", "displayName": "expert user", "description": "subject matter expert"}
  ],
  "users": [
    {"name": "user1@example.org", "roles": ["operations"]},
    {"name": "user2@example.org", "roles": ["operations", "expert"]}
  ]
}
- Specify a value for the UNITY_HOME parameter in the <HOME>/IBM/LogAnalysis/utilities/bulkload/loadLDAPUsers.sh script.
For example, UNITY_HOME=/home/scala/IBM/LogAnalysis/.
- Specify values for the following parameters in the <HOME>/IBM/LogAnalysis/utilities/bulkload/loadldapusers.properties file:
Table 1. loadldapusers.properties parameters
Parameter | Description
LA_URL | Specify the fully qualified host name for the Log Analysis server.
LA_USER | Specify the administrative user for Log Analysis. For example, unityadmin.
LA_PASSWORD | Specify the password for the user.
LA_KEYSTORE | Specify the path and the file name for the key store file.
USERS_FILE | Specify the path and file name for the file that you created that contains the list of users and roles.
- To run the script, enter the following command:
./loadLDAPUsers.sh loadldapusers.properties
Results
The users and roles are created in Log Analysis. You can view
them on the Users and Roles tabs. Roles are assigned
to the users as specified in the file.
What to do next
After you complete this task, assign permissions to view data from specific data sources by
editing the roles that you created. For more information, see Editing a role.
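The naming rules and the two file layouts described above can be checked before the utility is run. The following pre-flight validator is an added example, not part of the Log Analysis product or its bulkload scripts. It assumes that "no numerals or special characters" means letters only and that every role assigned to a user should appear in the roles list; the function names and the sample data are hypothetical.

```python
import json
import re

NAME_LEN = range(4, 31)             # page: user and role names use 4 - 30 characters
ROLE_OK = re.compile(r"[A-Za-z]+")  # assumption: role names may contain letters only

def parse_properties(text):
    """Parse the roles=/users= properties layout shown on the page."""
    joined = re.sub(r"\\\s*\n\s*", "", text)  # fold backslash line continuations
    props = {}
    for line in joined.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    roles = [r.strip() for r in props.get("roles", "").split(",") if r.strip()]
    users = {}
    for entry in props.get("users", "").split(","):
        name, *assigned = [p.strip() for p in entry.split(";")]
        if name:
            users[name] = assigned
    return roles, users

def parse_json(text):
    """Parse the JSON layout shown on the page."""
    doc = json.loads(text)
    roles = [r["name"] for r in doc.get("roles", [])]
    users = {u["name"]: u.get("roles", []) for u in doc.get("users", [])}
    return roles, users

def validate(roles, users):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    for role in roles:
        if len(role) not in NAME_LEN or not ROLE_OK.fullmatch(role):
            problems.append(f"role {role!r}: must be 4-30 letters")
    for user, assigned in users.items():
        if len(user) not in NAME_LEN:
            problems.append(f"user {user!r}: length must be 4-30")
        for role in assigned:
            if role not in roles:  # assumption: assigned roles must be declared
                problems.append(f"user {user!r}: role {role!r} is not declared")
    return problems

# Constructed sample: one role name with a digit, one user with an undeclared role.
SAMPLE = """roles = operations, ops2
users = user1@example.org;operations,\\
        user2@example.org;operations;expert
"""
```

Call validate(*parse_properties(text)) or validate(*parse_json(text)) on the contents of the file named in USERS_FILE and fix any reported problems before running loadLDAPUsers.sh.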