Mapping multiple LDAP users in Log Analysis

To save time, you can map multiple LDAP users in Log Analysis with the LDAP bulk upload utility.

Before you begin

Note: When LDAP is configured, users who do not exist in Log Analysis are created automatically after successful authentication. You can still use the bulkload utility to load multiple users.

Ensure that LDAP for Log Analysis is configured.

Ensure that an administrative user exists in Log Analysis. In most cases, this user is unityadmin.

Ensure that the LDAP groups are mapped to the security role in Log Analysis. For more information, see Mapping LDAP groups to the security role.

About this task

You can find sample files in the <HOME>/IBM/LogAnalysis/utilities/bulkload directory. After you complete this task, the script logs events in the loadldapusers.log file.

The user and role names must use 4 - 30 characters. The role name cannot contain numerals or special characters.

If a user or role already exists, the utility does not create it again and continues creating the other users and roles that are specified in the file.

Procedure

  1. Create a JSON or properties file that lists the users and roles that you want to register with Log Analysis.
    The format for the properties file is as follows:

    roles = <role1>, <role2>
    users = <user1>;<role1>,\
    <user2>;<role1>;<role2>

    For example:

    roles = operations, expert
    users = user1@example.org;operations,\
    user2@example.org;operations;expert

    The JSON file must contain a list of roles and a JSON object for each user, which specifies the roles that are assigned to the user. For example:

    {
      "roles": [
        {"name": "operations", "displayName": "ops user",
         "description": "operations user role"},
        {"name": "expert", "displayName": "expert user",
         "description": "subject matter expert"}
      ],
      "users": [
        {"name": "user1@example.org", "roles": ["operations"]},
        {"name": "user2@example.org", "roles": ["operations", "expert"]}
      ]
    }
  2. Specify a value for the UNITY_HOME parameter in the <HOME>/IBM/LogAnalysis/utilities/bulkload/loadLDAPUsers.sh script.
    For example, UNITY_HOME=/home/scala/IBM/LogAnalysis/.
  3. Specify values for the following parameters in the <HOME>/IBM/LogAnalysis/utilities/bulkload/loadldapusers.properties file:
    Table 1. loadldapusers.properties parameters

    Parameter     Description
    LA_URL        Specify the fully qualified host name for the Log Analysis server.
    LA_USER       Specify the administrative user for Log Analysis. For example, unityadmin.
    LA_PASSWORD   Specify the password for the user.
    LA_KEYSTORE   Specify the path and the file name for the key store file.
    USERS_FILE    Specify the path and file name for the file that you created that contains the list of users and roles.
  4. To run the script, enter the following command:
    ./loadLDAPUsers.sh loadldapusers.properties
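
Before you run the script, you can check the properties-format users file from step 1 against the naming rules in "About this task". The following is an added example, not part of the Log Analysis utility; the names parse_users_file, validate, ROLE_RE and SAMPLE are hypothetical, and it assumes that "no special characters" means letters only and that every role assigned to a user should appear in the roles list.

```python
import re

# Page rules: names are 4-30 characters; role names have no numerals or special
# characters (read here as letters only, which is this example's assumption).
ROLE_RE = re.compile(r"^[A-Za-z]{4,30}$")

def parse_users_file(text):
    """Parse the properties format (a trailing backslash continues a line)."""
    joined = re.sub(r"\\\s*\n\s*", "", text)
    props = {}
    for line in joined.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    roles = [r.strip() for r in props.get("roles", "").split(",") if r.strip()]
    users = {}
    for entry in props.get("users", "").split(","):
        parts = [p.strip() for p in entry.split(";") if p.strip()]
        if parts:
            users[parts[0]] = parts[1:]
    return roles, users

def validate(text):
    """Return a list of problems; an empty list means the file passes."""
    roles, users = parse_users_file(text)
    problems = []
    for role in roles:
        if not ROLE_RE.match(role):
            problems.append(f"role '{role}': must be 4-30 letters")
    for user, assigned in users.items():
        if not 4 <= len(user) <= 30:
            problems.append(f"user '{user}': name must be 4-30 characters")
        # Assumption: a role that is not declared in 'roles' is a likely typo.
        for role in assigned:
            if role not in roles:
                problems.append(f"user '{user}': undeclared role '{role}'")
    return problems

# Constructed sample: the page's example plus three deliberate errors.
SAMPLE = """roles = operations, expert, ops1
users = user1@example.org;operations,\\
user2@example.org;operations;expert,\\
bob;admin
"""

if __name__ == "__main__":
    for problem in validate(SAMPLE):
        print(problem)
```

Reviewing the reported problems before the bulk load catches a mistyped role name before it is created and assigned to users.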

Results

The users and roles are created in Log Analysis. You can view them on the Users and Roles tabs. Roles are assigned to the users as specified in the file.

What to do next

After you complete this task, assign permissions to view data from specific data sources by editing the roles that you created. For more information, see Editing a role.