You can use the ldapRegistryHelper.sh command
to help you to create and enable an IBM® Tivoli® Directory Server or
Microsoft Active Directory server for IBM Operations Analytics - Log Analysis user
authentication.
Before you begin
- The unityadmin user must be a member of the UnityAdmins group
in the LDAP registry. Other users must be members of the UnityUsers group.
- To use other LDAP groups, update the unityConfig.xml file
to map the groups to security roles in IBM Operations Analytics - Log Analysis.
About this task
Only one LDAP server can be configured by using the utility.
Procedure
- To stop the IBM Operations Analytics - Log Analysis server,
use the following command:
./unity.sh -stop
- To specify the LDAP server details, edit the ldapRegistryHelper.properties file
that is in the <HOME>/IBM/LogAnalysis/utilities/ directory.
For more information about the ldapRegistryHelper properties,
see the ldapRegistryHelper.properties topic
in the Configuration guide.
- Navigate to the <HOME>/IBM/LogAnalysis/utilities directory
and run the following command:
./ldapRegistryHelper.sh config
- Run the following command:
./ldapRegistryHelper.sh enable
- If the UnityAdmins or UnityUsers groups
are not in your LDAP server, you can map other groups in the LDAP
registry to security roles in IBM Operations Analytics - Log Analysis.
To map groups to security roles, edit the <HOME>/IBM/LogAnalysis/wlp/usr/servers/Unity/unityConfig.xml file. For example:
<security-role name="UnityUser">
    <group name="UnityUsers" />
    <group name="UnityAdmins" />
    <group name="TestLANonAdmin"/>
    <group name="TestLAAdmin"/>
</security-role>
<security-role name="UnityAdmin">
    <group name="UnityAdmins" />
    <group name="TestLAAdmin"/>
</security-role>
- To start the IBM Operations Analytics -
Log Analysis server, use the following command:
<HOME>/IBM/LogAnalysis/utilities/unity.sh -start
- To add LDAP users to IBM Operations Analytics - Log Analysis,
log in as unityadmin.
Note: You can delete an LDAP user that is registered with IBM Operations Analytics - Log Analysis, but
you cannot edit or delete the actual LDAP users.
- To add roles and permissions to LDAP users,
open the IBM Operations Analytics - Log Analysis UI and click Administrative
Settings. For more information about adding roles and
permissions, see the Adding users to roles and Adding
permissions to roles topics in the Users and roles section
of the Configuring guide.
- Users who are deleted from the LDAP registry
must be removed from IBM Operations Analytics - Log Analysis by
the unityadmin user to prevent storage of obsolete
information in the IBM Operations Analytics - Log Analysis Derby
database.
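The group mapping in unityConfig.xml decides which LDAP groups receive the UnityAdmin role, so it is worth reviewing after each edit. The following Python script is an added example, not part of the product or of IBM's documentation: it lists the groups mapped to each security role and flags groups that hold UnityAdmin without being on an approved list. The `<server>` wrapper element, the approved list, the case-insensitive name comparison and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the mapping shown above, wrapped in an assumed <server> root.
SAMPLE_CONFIG = """<server>
  <security-role name="UnityUser">
    <group name="UnityUsers" />
    <group name="UnityAdmins" />
    <group name="TestLANonAdmin"/>
    <group name="TestLAAdmin"/>
  </security-role>
  <security-role name="UnityAdmin">
    <group name="UnityAdmins" />
    <group name="TestLAAdmin"/>
  </security-role>
</server>"""


def role_groups(xml_text):
    """Return {role name: set of LDAP group names} from security-role elements."""
    roles = {}
    for role in ET.fromstring(xml_text).iter("security-role"):
        groups = roles.setdefault(role.get("name", ""), set())
        for group in role.iter("group"):
            name = (group.get("name") or "").strip()
            if name:
                groups.add(name)
    return roles


def audit(xml_text, approved_admin_groups, admin_role="UnityAdmin"):
    """List findings: unapproved groups holding the admin role, or no admin group."""
    roles = role_groups(xml_text)
    # Assumption: group names are compared case-insensitively.
    approved = {g.lower() for g in approved_admin_groups}
    admins = roles.get(admin_role, set())
    findings = []
    if not admins:
        findings.append(f"{admin_role}: no group mapped")
    for name in sorted(admins):
        if name.lower() not in approved:
            findings.append(f"{admin_role}: unapproved group '{name}'")
    return findings


if __name__ == "__main__":
    for role, groups in sorted(role_groups(SAMPLE_CONFIG).items()):
        print(role, "<-", ", ".join(sorted(groups)))
    for finding in audit(SAMPLE_CONFIG, approved_admin_groups={"UnityAdmins"}):
        print("FINDING", finding)
```

To check a real installation, pass the contents of the unityConfig.xml file to `audit` together with the list of groups that your organization has approved for administrative access.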
Results
Basic LDAP authentication between IBM Operations Analytics - Log Analysis and
the IBM Tivoli Directory Server or
the Microsoft Active Directory server is enabled.
What to do next
After you configure LDAP, you must update the password
in the configuration files. For more information, see Updating passwords in the configuration files.