How to create AD users and configure the UIM LDAP integration with an AD server. How to configure an AD user to log in to Infrastructure Manager.

Document ID : KB000045039
Last Modified Date : 24/10/2018
Introduction:

This document describes how to create new users on the AD server and configure LDAP integration between UIM and the AD server. It also explains the steps to configure the user to log in to Infrastructure Manager.

Environment:

UIM: 8.2, 8.3 and 8.4

Instructions:

Creating a new user in AD for UIM LDAP integration.

Open “Server Manager” on the Windows server, expand Active Directory Domain Services, right-click on “Users”, go to “New” and click on “User”.
Enter the display name and the required user name, then click on “Next”.
Click on “Finish”.
(Optional) Create a new group if required.
Add the user to the group. Right-click on the username and click on “Add to a group”.
Verify that the user has been added to the group. Right-click on the username and click on “Properties”.

Integrate UIM and LDAP.

Open the Hub configuration and click on Settings.
Go to the “LDAP” tab, enter the AD server IP address and then click on “Lookup”. If the lookup is successful, it lists the “Group Container (DN)” and “User Container (DN)”.
Select “Authentication sequence” as LDAP->Nimsoft.
Provide the AD user created above. Note that the domain sometimes needs to be included (domain\username).
Click on “Test”. The test connection should be successful.

Create an ACL for the AD user to access UIM.

Go to “Security” and click on “Manage Access Control List”.
Click on New, enter the required name, select the required option for “Copy Settings from” and click on “OK”.
Select the “Make ACL Permission available for Account/Contacts” option.
Select the newly created ACL in the left pane and click on “Set Account Link”.
Click on “New Account…”, select the hub name and click on “OK”.
Select the newly created account link and then click on “OK”.
Click on “Set LDAP Group”, select the required AD group (the one to which the AD user has been added) and then click on “OK”.
Go to the Hub “Raw Configure” option, expand “ldap-> templates” and click on “Active Directory”.
Note: After hub v5.69, the hub was changed so that the filter_user key (edited through raw configuration) contains a dynamic value for $loginname.
Previously this was hard-coded as userPrincipalName=$loginname; it is now $attr_usr_id=$loginname.

Therefore, attr_usr_id (also modified through Raw Configuration) can be set to any desired Active Directory attribute.
This is then the AD attribute that users authenticate with when logging in to the hub (or UMP).
attr_usr_id = <AD User Attribute>, e.g. userPrincipalName, mail, displayName
Open the key “filter_user”, add the line below and click on “OK”.
                filter_user = (&(objectClass=person)(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))
Finally, try logging in with the new AD user. Go to “Security” and click on “Login”.

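The effect of the attr_usr_id choice on filter_user can be checked offline before changing the hub. The following is an added example, not hub or CA code: it assumes $attr_usr_id and $loginname are substituted as plain text, and the directory entries, the example.test domain and the function names are constructed for illustration. It also escapes the login name per RFC 4515, which this article does not say the hub does.

```python
# Added example: models the filter_user template from this article offline.
# Assumption: $attr_usr_id and $loginname are substituted as plain text.
TEMPLATE = ("(&(objectClass=person)"
            "(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))")

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries; names and domain are illustrative only.
DIRECTORY = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": "uimadmin",
     "userPrincipalName": "uimadmin@example.test", "displayName": "UIM Admin"},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": "uimadmin2",
     "userPrincipalName": "uimadmin2@example.test", "displayName": "UIM Admin"},
    {"objectClass": ["top", "group"], "sAMAccountName": "UIM-Operators"},
]


def escape_filter_value(value):
    """Make filter metacharacters in a login name match only literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter_user(attr_usr_id, loginname, template=TEMPLATE):
    """Return the search filter produced for one login attempt."""
    safe = escape_filter_value(loginname)
    return template.replace("$attr_usr_id", attr_usr_id).replace("$loginname", safe)


def matching_entries(entries, attr_usr_id, loginname):
    """Apply the filter's logic to in-memory entries (case-insensitive)."""
    want = loginname.lower()
    hits = []
    for entry in entries:
        if "person" not in (c.lower() for c in entry["objectClass"]):
            continue
        candidates = (entry.get(attr_usr_id, ""), entry["sAMAccountName"])
        if want in (c.lower() for c in candidates):
            hits.append(entry["sAMAccountName"])
    return hits


if __name__ == "__main__":
    for attr in ("userPrincipalName", "displayName"):
        login = "uimadmin@example.test" if attr == "userPrincipalName" else "UIM Admin"
        print(expand_filter_user(attr, login))
        print("  matches:", matching_entries(DIRECTORY, attr, login))
```

With displayName, one login name resolves to two accounts in the sample data, so an attribute that is unique per user is the safer choice for attr_usr_id.
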
Additional Information:

Step-by-step guide to setting up AD on Windows Server 2008:
http://www.rebeladmin.com/2011/03/step-by-step-guide-to-setup-active-directory-windows-server-2008/

The following link has detailed documentation about the ad_server probe, its configuration settings and the metrics it can monitor. Please go through the prerequisites before proceeding with probe deployment:
https://docops.ca.com/ca-unified-infrastructure-management-probes/en/alphabetical-probe-articles/ad_server-active-directory-server-monitoring