IBM Support

APM 8.1.4 - 10 steps to enable LDAP on your APM Server

Technical Blog Post


Abstract

APM 8.1.4 - 10 steps to enable LDAP on your APM Server

Body

Please follow the 10 steps to enable LDAP on your APM v8.1.4 server.

1)     Find the necessary information in the Microsoft Active Directory using the Microsoft Sysinternals Active Directory Explorer


2)  Stop ALL APM processes by using the following command in the /usr/bin/ directory:

                                 apm stop_all

3)  Make a backup of the following files:
         <install_dir>/wlp/usr/shared/config/basicRegistry.xml
         <install_dir>/wlp/usr/shared/config/commonRegistry.xml
         <install_dir>/wlp/usr/shared/config/oauthVariables-onprem.xml
         <install_dir>/wlp/usr/servers/server1/cscs/conf/cscsRoleAdmin.conf

    
4)   Update <install_dir>/wlp/usr/shared/config/ldapRegistry.xml (choose the non-SSL or the SSL template; both are identical except for the additional SSL settings):
            <server>
                <ldapRegistry id="ldap" realm="MSADO2012Realm"
                    host="172.16.1.8" port="389" ignoreCase="true"
                    baseDN="dc=csilabdom,dc=private"
                    bindDN="cn=Administrator,cn=Users,dc=csilabdom,dc=private"
                    bindPassword="{xor}FjNvKTYrNis="
                    ldapType="Microsoft Active Directory"
                    recursiveSearch="true">

        
5)   Update the realm name in <install_dir>/wlp/usr/shared/config/oauthVariables-onprem.xml (it must match the realm entry in ldapRegistry.xml):
            <?xml version="1.0" encoding="UTF-8"?>
            <server>
                <variable name="oauthRealm" value="MSADO2012Realm"/>

        
6)  Update <install_dir>/wlp/usr/shared/config/commonRegistry.xml and enable the LDAP registry (you can use only the LDAP registry or the basic registry, not both):
            <server>
                <!--include optional="false" location="${shared.config.dir}/basicRegistry.xml"/-->
                <include optional="false" location="${shared.config.dir}/ldapRegistry.xml"/>
            </server>
    
7)     Navigate to the <install_dir>/wlp/usr/servers/server1/cscs/conf directory and create a file called cscsRoleAdmin.new.
        Do not edit or remove the cscsRoleAdmin.conf file directly.
        Make any change by creating a cscsRoleAdmin.new file.

        MSADO2012Realm: The realm specified in the registry configuration file (basicRegistry.xml or ldapRegistry.xml).

        Jens: The user that is replacing apmadmin. It might be the LDAP administrator account or any user account from your user directory. The syntax is case-sensitive!

                     user:MSADO2012Realm/CN=Jens,CN=Users,dc=csilabdom,dc=private
    
8)    Update <install_dir>/wlp/usr/servers/apmui/server-oauth2-tai.xml and modify the line starting with "systemUser".
       The systemUser must be the same as in the cscsRoleAdmin.new file:
                    systemUser="CN=Jens,CN=Users,dc=csilabdom,dc=private"

9)     Restart the Cloud APM server by using the following command in the /usr/bin/ directory:
                          apm start_all
                          
10)   If LDAP doesn't work as expected, for example the admin user cannot log on or you get a Not Authorized message,
        check the messages.log file in the <install_dir>/wlp/usr/servers/apmui/logs/ directory for any LDAP-related errors.
        A search for the word 'RBAC2' should return several entries with the expected settings for your LDAP configuration.
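
The realm and user values from steps 4 to 8 have to agree exactly across four files, so checking them before the restart in step 9 catches a mismatch without a failed logon. The following Python script is an added example, not part of the original post or of IBM's tooling. The function name, the sample file contents and the stand-in `systemUser` line are assumptions, and `sslEnabled` is the Liberty `ldapRegistry` attribute for SSL, which the excerpt in step 4 does not show.

```python
import re
import xml.etree.ElementTree as ET

def check_apm_ldap(ldap_xml, oauth_xml, role_admin, tai_text):
    """Cross-check the values set in steps 4 to 8; return a list of findings."""
    findings = []
    reg = ET.fromstring(ldap_xml).find("ldapRegistry")
    realm = reg.get("realm")
    # Step 5: oauthRealm must equal the ldapRegistry realm.
    var = ET.fromstring(oauth_xml).find("variable[@name='oauthRealm']")
    if var is None or var.get("value") != realm:
        findings.append("ERROR: oauthRealm does not match the ldapRegistry realm")
    # Step 7: the cscsRoleAdmin.new entry has the form user:<realm>/<DN>.
    m = re.search(r"^\s*user:([^/]+)/(.+?)\s*$", role_admin, re.M)
    role_realm, role_dn = m.groups() if m else (None, None)
    if role_realm != realm:
        findings.append("ERROR: cscsRoleAdmin.new realm does not match the ldapRegistry realm")
    # Step 8: exact comparison, because the syntax is case-sensitive.
    s = re.search(r'systemUser\s*=\s*"([^"]*)"', tai_text)
    if s is None or s.group(1) != role_dn:
        findings.append("ERROR: systemUser differs from the DN in cscsRoleAdmin.new")
    # Hardening notes for the bind settings from step 4.
    if reg.get("bindPassword", "").startswith("{xor}"):
        findings.append("WARN: {xor} bindPassword is reversible encoding, not encryption")
    if reg.get("sslEnabled") != "true":
        findings.append("WARN: sslEnabled is not true, the bind password crosses the network in clear text")
    return findings

# Constructed sample contents (realm and DN follow the page, the rest is made up).
LDAP_XML = """<server>
  <ldapRegistry id="ldap" realm="MSADO2012Realm" host="192.0.2.10" port="389"
      baseDN="dc=csilabdom,dc=private"
      bindDN="cn=Administrator,cn=Users,dc=csilabdom,dc=private"
      bindPassword="{xor}CONSTRUCTED" ldapType="Microsoft Active Directory"/>
</server>"""
OAUTH_XML = '<server><variable name="oauthRealm" value="MSADO2012Realm"/></server>'
ROLE_ADMIN = "user:MSADO2012Realm/CN=Jens,CN=Users,dc=csilabdom,dc=private\n"
TAI_LINE = 'systemUser="CN=Jens,CN=Users,dc=csilabdom,dc=private"'  # stand-in line

if __name__ == "__main__":
    for finding in check_apm_ldap(LDAP_XML, OAUTH_XML, ROLE_ADMIN, TAI_LINE):
        print(finding)
```

With real files, read each one into a string and pass the four strings in the same order; an empty result means the values agree and no hardening note applies.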


UID

ibm11277230