How do I enable Active Directory integration with UIM?

Document ID : KB000034343
Last Modified Date : 14/02/2018

Question:

How do I enable Active Directory integration with UIM?

Answer:

Configuring LDAP authentication in UIM consists of three basic steps:
  1. Define the LDAP resources (containers, groups and users) in Active Directory.
  2. Configure the hub to communicate with the LDAP resource.
  3. Link each UIM ACL to an Active Directory group.


Define LDAP resources

This step requires some planning, and you may need to involve your Windows administrator, because this part of the configuration is specific to your Active Directory environment and policies. Some customers define a dedicated container to hold all UIM objects. Many customers create groups that correspond to the permissions a UIM user will be granted.

For example, a customer might create a container called UIM, with Groups and Users containers beneath it. Within the Groups container, the customer might then create several groups that define the roles of their members: administrative groups, customer groups, and so on.

Once your groups and users are created, add your users to the appropriate groups.


Configuring the hub

You will first need to enable LDAP integration in the Hub Configuration, by editing the General -> Settings configuration. The changes needed here are:

  1. Check LDAP Authentication to enable the section
  2. Enter a Server Name
  3. Select the Server Type.  In this case, ensure that Active Directory is selected.
  4. Authentication Sequence controls the order in which the hub looks up a user account.  Nimsoft > LDAP means the hub checks its local database before going to LDAP.  LDAP > Nimsoft means the hub queries the Active Directory server first.
  5. Click the "Lookup" button to ensure you are able to contact the LDAP server.
  6. Enter an Active Directory user account in the User field.
  7. Enter that user's password in the Password field.
  8. Click the "Test" button to ensure that you can authenticate to the LDAP server using the entered credentials.
  9. The Group Container field is a reference to where the hub needs to find the LDAP groups that UIM ACLs are linked to.  You'll need to fill this in using standard LDAP object naming conventions.  For example, if your domain is contoso.com and you store your UIM groups in a container called UIM\Groups you might enter CN=Groups,CN=UIM,DC=contoso,DC=com
  10. The User Container field is a reference to where the hub needs to find the LDAP users that UIM authenticates against the system.  You'll need to fill this in using standard LDAP object naming conventions.  For example, if your domain is contoso.com and you store your UIM users in a container called UIM\Users you might enter CN=Users,CN=UIM,DC=contoso,DC=com
  11. Click OK to exit the LDAP settings.
  12. Click OK to save the settings in the hub and restart.
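The two details in the hub settings that most often go wrong are the container DNs (steps 9 and 10) and the lookup order (step 4). The following Python is an added example, not part of UIM or of this article: it turns a domain plus a Windows-style container path into the DN the hub expects, escaping the characters that RFC 4514 says may not appear bare in a DN value (a container named "Sales, EMEA" needs its comma escaped, or the DN is parsed as one extra RDN), and it models which account store answers first under each Authentication Sequence setting. The domain, container names and account names are constructed sample values; the `rdn_type="OU"` switch is for environments whose UIM objects were created as organizational units rather than plain containers.

```python
"""Build the Group/User Container DNs for the hub settings and model the
Authentication Sequence lookup order. Added example, not UIM product code;
all names below are constructed sample values."""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 section 2.4).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN unchanged."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")        # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")        # leading hash
        else:
            out.append(ch)
    return "".join(out)


def build_container_dn(domain: str, path: str, rdn_type: str = "CN") -> str:
    """Turn 'contoso.com' and a top-level-first path such as 'UIM\\Groups'
    into 'CN=Groups,CN=UIM,DC=contoso,DC=com': deepest container first,
    then one DC component per label of the domain name."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    rdns = [f"{rdn_type}={escape_rdn_value(p)}" for p in reversed(parts)]
    dcs = [f"DC={escape_rdn_value(d)}" for d in domain.split(".") if d]
    return ",".join(rdns + dcs)


def resolve_user(sequence: str, local_users, ldap_users, username: str):
    """Return 'nimsoft' or 'ldap' for the store the hub would authenticate
    `username` against under the given Authentication Sequence
    ('Nimsoft > LDAP' or 'LDAP > Nimsoft'), or None if neither store has it.
    A local account with the same name as an AD account is shadowed or
    shadows depending on this order, which is why the setting matters."""
    stores = {"nimsoft": local_users, "ldap": ldap_users}
    order = [s.strip().lower() for s in sequence.split(">")]
    if sorted(order) != sorted(stores):
        raise ValueError(f"unknown authentication sequence: {sequence!r}")
    for name in order:
        if username in stores[name]:
            return name
    return None


if __name__ == "__main__":
    print(build_container_dn("contoso.com", r"UIM\Groups"))
    print(build_container_dn("contoso.com", r"UIM\Users"))
    print(build_container_dn("contoso.com", r"UIM\Sales, EMEA", rdn_type="OU"))
    local = {"administrator"}                     # constructed hub-local accounts
    ad = {"administrator", "jsmith"}              # constructed AD accounts
    for seq in ("Nimsoft > LDAP", "LDAP > Nimsoft"):
        print(seq, "->", resolve_user(seq, local, ad, "administrator"))
```

Paste the printed DN into the Group Container or User Container field and use the "Lookup" and "Test" buttons described above to confirm the hub can reach and bind to the server before moving on to the ACLs.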


Link ACL to Active Directory Group

Your next step is to create UIM ACLs that will correspond to the groups you defined in Active Directory.
  1. Open Infrastructure Manager
  2. Click Security
  3. Choose Manage Access Control List
  4. Click the New button to create a new ACL.  You may choose an existing ACL to use as a template for the new one.
  5. Enter a name for the ACL
  6. Click OK
  7. Click Set LDAP Group
  8. A list of LDAP groups from your Group Container is presented.  Choose the appropriate group to link this ACL to.
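Because the "Set LDAP Group" dialog only lists groups found directly under the Group Container, it is worth reconciling the ACL-to-group links against that container before users start logging in. The following Python is an added example, not UIM code: given the links you configured (ACL name to group DN), the Group Container DN from the hub settings, and the DNs of the group objects that a one-level search of that container returns, it reports ACLs linked to a group that does not exist, ACLs linked to a group that lives outside the container (so the hub will never present it), and groups in the container that no ACL uses. DNs are compared case-insensitively and with whitespace around commas ignored, since both spellings are valid. All ACL names, group names and the container listing are constructed sample data.

```python
"""Reconcile UIM ACL -> LDAP group links against the Group Container.
Added example, not UIM code; the ACL names, group DNs and the container
listing are constructed sample data."""


def _split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, keeping escaped ones (\\,) intact."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: attribute types upper-cased, values
    lower-cased, no whitespace around the RDN separators."""
    rdns = []
    for rdn in _split_rdns(dn):
        typ, _, val = rdn.partition("=")
        rdns.append(f"{typ.strip().upper()}={val.strip().lower()}")
    return ",".join(rdns)


def parent_dn(dn: str) -> str:
    """DN of the container holding `dn` (everything after the first RDN)."""
    return ",".join(_split_rdns(normalize_dn(dn))[1:])


def check_acl_links(acl_links: dict, container_dn: str, container_groups: list) -> dict:
    """acl_links: ACL name -> DN of the group it was linked to.
    container_groups: DNs of the groups found directly under container_dn.
    Returns the findings an administrator would act on."""
    present = {normalize_dn(g): g for g in container_groups}   # normalized -> original
    container = normalize_dn(container_dn)
    missing, outside, used = {}, {}, set()
    for acl, group in acl_links.items():
        g = normalize_dn(group)
        used.add(g)
        if parent_dn(g) != container:
            outside[acl] = group            # the hub will never list this group
        elif g not in present:
            missing[acl] = group            # typo, or the group was not created
    unlinked = sorted(orig for norm, orig in present.items() if norm not in used)
    return {"missing": missing, "outside_container": outside, "unlinked_groups": unlinked}


if __name__ == "__main__":
    container = "CN=Groups,CN=UIM,DC=contoso,DC=com"
    # Constructed: what a one-level search of the Group Container might return.
    groups = [
        "CN=UIM Admins,CN=Groups,CN=UIM,DC=contoso,DC=com",
        "CN=UIM Operators,CN=Groups,CN=UIM,DC=contoso,DC=com",
        "CN=UIM Customers,CN=Groups,CN=UIM,DC=contoso,DC=com",
    ]
    # Constructed: the ACL links as configured in Infrastructure Manager.
    links = {
        "Administrator": "cn=UIM Admins, cn=Groups, cn=UIM, dc=contoso, dc=com",
        "Operator": "CN=UIM Ops,CN=Groups,CN=UIM,DC=contoso,DC=com",
        "Customer": "CN=UIM Customers,CN=Groups,DC=contoso,DC=com",
    }
    for key, value in check_acl_links(links, container, groups).items():
        print(f"{key}: {value}")
```

An ACL reported under "missing" or "outside_container" will silently grant nothing to the AD users who were meant to receive it, which usually surfaces as a login failure rather than a visible configuration error; "unlinked_groups" is informational and points at groups that were created but never tied to an ACL.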


[Screenshot: LDAP Group ACL]


Additional Information:

If you would like more information on LDAP integration with the UIM environment, please see the product documentation at 

https://docops.ca.com/ca-unified-infrastructure-management/8-31/en/administering-users/enable-login-with-ldap