How To
Summary
The purpose of this article is to help the administrator to find the User Base and Group Base DN information required to configure LDAP authentication in QRadar®.
Environment
These steps require collaboration from Active Directory administrators to get the distinguishedName (DN) attribute from an Active Directory object.
Steps
To gather the User Base DN
By default, most of users are created in the default container "Users". However, users and groups may be organized into specific Organization Unit (OU). Administrator can use "Active Directory Users and Computers" (ADUC) to review the distinguishedName of the OU or container.
Administrator also can uses the dsquery utility (available on Domain Controller) to get the DN of the object
- Open a Windows® command prompt.
- Type the command:
dsquery user -name <known username>
The result looks like:CN=Test1,OU=QRadar,DC=alpha,DC=ibm,DC=int
- The User Base DN is part of output excluding the User's container. In QRadar® LDAP module settings, when asked for a User Base DN, enter:
OU=QRadar,DC=alpha,DC=ibm,DC=int
To gather Binding Login DN:
Similarly, using ADUC, administrator can review the distinguishedName attribute to get the DN for Binding account:
With dsquery:
dsquery user -name "QRadar Binding"
"CN=QRadar Binding,OU=ServiceAcc,DC=alpha,DC=ibm,DC=int"
To gather the Group Base DN
Using ADUC, administrator can get the distinguishedName attribute of the Container or OU where the groups are located:
With dsquery command, the Group Base DN is part of output excluding the group's container. In this example, it is "OU=QRadar,DC=alpha,DC=ibm,DC=int"
dsquery group -name SOC
"CN=SOC,OU=QRadar,DC=alpha,DC=ibm,DC=int"
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
10 April 2024
UID
ibm16367965