IBM Support

QRadar: How to find the User Base and Group Base DN information when using LDAP

How To


Summary

The purpose of this article is to help the administrator to find the User Base and Group Base DN information required to configure LDAP authentication in QRadar®. These steps can be run from any member server on the Windows® domain with the Remote Server Administration Tools (RSAT) installed on its local machine.

Environment

These steps required the dsquery utility to be enabled. This utility can be enabled by using the steps provided by Windows® in Remote Server Administration Tools (RSAT)

Steps

To gather the User Base DN
  1. Open a Windows® command prompt.
  2. Type the command:
    dsquery user -name <known username>
    Example: If you are searching for all users named "John", you can enter the username as John* to get a list of all users who's name is John.

    The result looks like:
    CN=John.Smith,CN=Users,DC=test,DC=internal
  3. - In QRadar® LDAP module settings, when asked for a User Base DN, enter:
    CN=Users,DC=test,DC=internal

1

This configuration allows the users to connect within the Users Common Name (CN) only. Ideally, this configuration must have the domain portion only (DC=test,DC=internal) and restrict which users can connect by using Group Base DN

 

To gather the Group Base DN

  1. Open a Windows® command prompt.
  2. Type the command:
    dsquery group -name <known group name>
    Example: If you are searching for a group called Users, you can enter the group name as Users* to get a list of all groups who's name contains "Users"
  3. The result looks like:
    CN=Users,CN=Builtin,DC=test,DC=internal
  4. In QRadar® LDAP module settings, when asked for a User Base DN, enter:
    CN=Users,CN=Builtin,DC=test,DC=internal
basedn02

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
18 November 2020

UID

ibm16367965