IBM Support

QRadar: How to find the User Base and Group Base DN information when using LDAP

How To


Summary

The purpose of this article is to help the administrator to find the User Base and Group Base DN information required to configure LDAP authentication in QRadar®.

Environment

These steps require collaboration from Active Directory administrators to get the distinguishedName (DN) attribute from an Active Directory object. 

Steps

To gather the User Base DN
By default, most users are created in the default container "Users". However, users and groups may be organized into a specific Organizational Unit (OU). The administrator can use "Active Directory Users and Computers" (ADUC) to review the distinguishedName of the OU or container.
The administrator can also use the dsquery utility (available on a Domain Controller) to get the DN of the object:
  1. Open a Windows® command prompt.
  2. Type the command:
    dsquery user -name <known username>
    Example: If you are searching for all users named "Test", you can enter the username as Test* to get a list of all users whose name begins with Test.

    The result looks like:
    CN=Test1,OU=QRadar,DC=alpha,DC=ibm,DC=int
  3. The User Base DN is the part of the output that remains after excluding the user's own CN. In QRadar® LDAP module settings, when asked for a User Base DN, enter:
    OU=QRadar,DC=alpha,DC=ibm,DC=int

To gather the Binding Login DN

Similarly, using ADUC, the administrator can review the distinguishedName attribute to get the DN for the Binding account:
With dsquery:
dsquery user -name "QRadar Binding"

"CN=QRadar Binding,OU=ServiceAcc,DC=alpha,DC=ibm,DC=int"


 

To gather the Group Base DN

Using ADUC, the administrator can get the distinguishedName attribute of the Container or OU where the groups are located:
With the dsquery command, the Group Base DN is the part of the output that remains after excluding the group's own CN. In this example, it is "OU=QRadar,DC=alpha,DC=ibm,DC=int":
dsquery group -name SOC

"CN=SOC,OU=QRadar,DC=alpha,DC=ibm,DC=int"
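
The following is an added example, not part of the original IBM article: a small Python helper that derives the User Base DN or Group Base DN from dsquery output as described in the steps above. It goes beyond the article's single-object case by handling names that contain an escaped comma and by finding the base DN shared by several objects; the function names and the second sample line are assumptions constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    dn = dn.strip().strip('"')           # dsquery wraps each DN in double quotes
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def parent_dn(dn):
    """Drop the object's own leading RDN; what remains is its container DN."""
    return ",".join(split_rdns(dn)[1:])


def common_base_dn(dns):
    """Deepest DN that contains every object in dns (compared right to left)."""
    parents = [list(reversed(split_rdns(parent_dn(d)))) for d in dns]
    shared = []
    for level in zip(*parents):
        if len({rdn.lower() for rdn in level}) != 1:  # compare case-insensitively
            break
        shared.append(level[0])
    return ",".join(reversed(shared))


# Constructed sample output, modelled on the dsquery results shown in this article.
SAMPLE = [
    '"CN=Test1,OU=QRadar,DC=alpha,DC=ibm,DC=int"',
    '"CN=Smith\\, Test,OU=Analysts,OU=QRadar,DC=alpha,DC=ibm,DC=int"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parent_dn(line))
    print("Base DN covering all:", common_base_dn(SAMPLE))
```

When the sampled users or groups sit in different OUs, the value returned by common_base_dn is the narrowest base DN that still includes all of them.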


Document Location

Worldwide


Document Information

Modified date:
10 April 2024

UID

ibm16367965