IBM Operations Analytics - Log Analysis, Version 1.3.2

Configuring multiple LDAP servers

Procedure

  1. To stop the IBM® Operations Analytics - Log Analysis server, use the following command:
    ./unity.sh -stop
  2. To specify the LDAP server details, edit the ldapRegistryHelper.properties file that is in the <HOME>/IBM/LogAnalysis/utilities/ directory. For more information about the ldapRegistryHelper properties, see the ldapRegistryHelper.properties topic in the Configuration guide.
  3. Navigate to the <HOME>/IBM/LogAnalysis/utilities directory. To generate the <HOME>/IBM/LogAnalysis/wlp/usr/servers/Unity/ldapRegistry.xml file, run the ldapRegistryHelper.sh command:
    ./ldapRegistryHelper.sh config

    Back up the ldapRegistry.xml file and repeat this step for each LDAP server.

  4. To ensure that the servers are distinct, edit the realm and id properties in the ldapRegistryHelper.properties file that is in the <HOME>/IBM/LogAnalysis/utilities/ directory. For more information about the ldapRegistryHelper properties, see the ldapRegistryHelper.properties topic in the Configuration guide.
  5. To map groups in your LDAP servers to security roles in IBM Operations Analytics - Log Analysis, edit the <HOME>/IBM/LogAnalysis/wlp/usr/servers/Unity/unityConfig.xml. For example:
    <server>
      <application type="war" id="Unity" name="Unity"
                 location="${server.config.dir}/apps/Unity.war">
        <application-bnd>
           <!-- LDAP groups bound to the UnityUser role -->
           <security-role name="UnityUser">
               <group name="UnityUsers" />
               <group name="UnityAdmins" />
               <group name="TestLANonAdmin"/>
               <group name="TestLAAdmin"/>
           </security-role>
           <!-- LDAP groups bound to the UnityAdmin role -->
           <security-role name="UnityAdmin">
               <group name="UnityAdmins" />
           </security-role>
        </application-bnd>
      </application>
      <oauth-roles>
        <authenticated>
          <group name="UnityUsers"/>
          <group name="TestLANonAdmin"/>
          <group name="TestLAAdmin"/>
        </authenticated>
      </oauth-roles>
    </server>
  6. To start the IBM Operations Analytics - Log Analysis server, use the following command:
    <HOME>/IBM/LogAnalysis/utilities/unity.sh -start
  7. Log in as the unityadmin user and add the LDAP users to IBM Operations Analytics - Log Analysis.
    Note: You can delete the LDAP user that is registered with IBM Operations Analytics - Log Analysis, but you cannot edit or delete the actual LDAP users.
  8. To add roles and permissions to LDAP users, open the IBM Operations Analytics - Log Analysis UI and click Administrative Settings. For more information about adding roles and permissions, see the Adding users to roles and Adding permissions to roles topics in the Users and roles section of the Configuring guide.
  9. Users who are deleted from the LDAP registry must be removed from IBM Operations Analytics - Log Analysis by the unityadmin user to prevent storage of obsolete information in the IBM Operations Analytics - Log Analysis Derby database.
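
A review aid for the group-to-role mapping in step 5, added here as an example and not part of the IBM documentation or tooling: it parses a unityConfig.xml, fails on malformed XML, and lists the LDAP groups bound to each security role so that the groups holding UnityAdmin can be compared against an approved list. The sample document is constructed from the mapping shown in step 5 (oauth-roles omitted); the function names and the approved list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the role mapping in step 5 (not a real deployment).
SAMPLE_UNITY_CONFIG = """<server>
  <application type="war" id="Unity" name="Unity"
               location="${server.config.dir}/apps/Unity.war">
    <application-bnd>
      <security-role name="UnityUser">
        <group name="UnityUsers" />
        <group name="UnityAdmins" />
        <group name="TestLANonAdmin"/>
        <group name="TestLAAdmin"/>
      </security-role>
      <security-role name="UnityAdmin">
        <group name="UnityAdmins" />
      </security-role>
    </application-bnd>
  </application>
</server>"""


def role_group_map(xml_text):
    """Return {role name: [group names]}; raise ValueError on malformed XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A missing '<' or '>' in a hand-edited file is caught here, before restart.
        raise ValueError(f"unityConfig.xml is not well-formed: {exc}") from exc
    mapping = {}
    for role in root.iter("security-role"):
        groups = [g.get("name") for g in role.findall("group")]
        mapping.setdefault(role.get("name"), []).extend(groups)
    return mapping


def unexpected_admin_groups(xml_text, approved):
    """Groups bound to UnityAdmin that are not on the approved list (hypothetical policy)."""
    admins = role_group_map(xml_text).get("UnityAdmin", [])
    return sorted(set(admins) - set(approved))


if __name__ == "__main__":
    for role, groups in role_group_map(SAMPLE_UNITY_CONFIG).items():
        print(role, "->", ", ".join(groups))
    print("unapproved admin groups:",
          unexpected_admin_groups(SAMPLE_UNITY_CONFIG, ["UnityAdmins"]))
```

Run it against the edited file before step 6 by passing the file's contents to role_group_map in place of the sample.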

