{"id":397,"date":"2010-10-07T10:38:38","date_gmt":"2010-10-07T09:38:38","guid":{"rendered":"http:\/\/www.kozeniauskas.com\/itblog\/?p=397"},"modified":"2011-01-25T14:08:36","modified_gmt":"2011-01-25T14:08:36","slug":"network-node-manager-nnm-authetication-using-active-directory","status":"publish","type":"post","link":"https:\/\/www.kozeniauskas.com\/itblog\/2010\/10\/07\/network-node-manager-nnm-authetication-using-active-directory\/","title":{"rendered":"Network Node Manager (NNM) authetication using Active directory"},"content":{"rendered":"

HP monitoring software like Sitescope, BAC, SIM, NNM etc. are using build in authentication. This is fine but that means that you have to remember many different passwords and logins. The other thing is that many companies have password policies and these policies must apply to all systems. So the obvious thing to do, would be to use one login provider. For this reason many use\u00a0 Active Directory. In HP SIM configuring authentication through Active Directory is very simple using GUI. Unfortunately in Network Node Manager (NNM) it is not that simple. The information is provided in Deployment Reference document but it is not very clear.<\/p>\n

In this post I’ll show you what works for me.<\/p>\n

1. You need to find file called ldap.properties<\/em><\/strong>
\nAccording to the HP Deployment Reference document it is located in %NNM_SHARED_CONF%<\/em><\/strong> which should be ‘C:\\HP\\HP BTO Software\\data\\shared\\nnm\\conf’<\/em><\/strong> if you’ve installed the software in default location.<\/p>\n

2.\u00a0 In Active Directory Users container<\/strong><\/em> create a group called nnmadmin<\/strong><\/em> and add the members to the group. These members will get admin rights in NNM. In Notes attribute of that group write admin.
\nThis is how it should look like:
\n\"\"<\/a><\/p>\n

NNM has 4 different user Roles(admin, level2, level1 and guest). I only use Guest<\/strong> and Admin<\/strong>. In my case any user that can be authenticated by Active directory but is not in nnmadmin group will get Guest<\/strong> rights by default. Also you need to know the DN path where all the users are located in Active directory. In my case they are located in OU=Company Staff,DC=domain,DC=com<\/em>.<\/p>\n

3. Open ldap.properties<\/em><\/strong> with text editor( Notepad will do) and you should see that it is not empty ant there are loads info in there.<\/p>\n

Here is how I have configured it:<\/p>\n

#Here you define domain controller that NNM will use<\/span><\/em><\/span><\/em> to read LDAP<\/span>
\n<\/em>java.naming.provider.url=ldap:\/\/DC.domain.com:389\/ <\/span><\/em><\/p>\n

#Here you define the location of the account and password of that account that NMM will use to connect to domain<\/em><\/em><\/span><\/p>\n

<\/em>bindDN=CN=nnmldap,CN=Users,DC=Domain,DC=com
\nbindCredential=nnmldappassword
\nallowEmptyPasswords=false<\/em><\/p>\n

#Here is the location of the users on the domain and the attribute by which the users are filtered<\/em><\/span><\/em>
\nbaseCtxDN=OU=Company Staff,DC=domain,DC=com
\nbaseFilter=sAMAccountName={0}
\n<\/em><\/p>\n

#This is the default role assigned to any user that does not have any roles assigned. This field can be commented<\/span><\/em>
\ndefaultRole=guest<\/em><\/p>\n

#Here you define the path to the group where which has the users with roles assigned<\/em><\/span><\/em> and also the atributes that NNM will look for
\n<\/span>
\nrolesCtxDN=CN=Users,DC=domain, DC=com
\nroleFilter=member={1}
\nuidAttributeID=member
\nroleAttributeIsDN=true
\nroleAttributeID=memberOf
\nroleNameAttributeID=info
\nuserRoleFilterList=admin<\/em><\/p>\n

4. After saving your file on NNM server open command prompt and issue the following command nnmldap.ovpl -reload <\/strong><\/em>this will reload modified ldap setting.<\/p>\n

5. Open Internet Explorer and try to login and see if new roles apply. When loging in do not use domain name in front of username. Use your Active Directory login only. It is the same that you use to login to your computer every morning \ud83d\ude42<\/p>\n

P.S. There is a log file ldap.log <\/strong><\/em>that is located in <\/strong>D:\\HP\\HP BTO Software\\data\\log\\nnm <\/strong><\/em>it can be usefull for troubleshooting.<\/p>\n","protected":false},"excerpt":{"rendered":"

HP monitoring software like Sitescope, BAC, SIM, NNM etc. are using build in authentication. This is fine but that means that you have to remember many different passwords and logins. The other thing is that many companies have password policies and these policies must apply to all systems. So the obvious thing to do, would […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,316],"tags":[26,319,488,318,317,495],"_links":{"self":[{"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/posts\/397"}],"collection":[{"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/comments?post=397"}],"version-history":[{"count":10,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/posts\/397\/revisions"}],"predecessor-version":[{"id":401,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/posts\/397\/revisions\/401"}],"wp:attachment":[{"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/media?parent=397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/categories?post=397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kozeniauskas.com\/itblog\/wp-json\/wp\/v2\/tags?post=397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}