UCMDB and UD Practitioners Forum (Previously CMS)
cancel

UCMDB Authentication methods

SOLVED
Go to solution
Highlighted
Elliot.Mackenzi
Regular Contributor.

UCMDB Authentication methods

Hello,

I have been hunting through manuals for ages and have not found a simple list of what (if any) centralised authentication methods UCMDB (without BAC) supports (eg Active Directory, LDAP, TACACS and so on).

Can anyone give me a heads up on where to look?

Regards,
Elliot.

 

 

P.S. This thread has been moevd from Application Perf Mgmt (BAC / BSM) Support and News Forum to CMS and Discovery Support and News Forum. - Hp Forum Moderator

5 REPLIES
Jim Shaw
Super Contributor.
Solution

Re: UCMDB Authentication methods

7.5 Supports LDAP. UCMDB PDF doc "ReferenceInformation", page 20.
Sergey Poshevko
Respected Contributor.

Re: UCMDB Authentication methods

Hi,

You can find some additional information about LDAP authentication and group synchronization within "ModelManagement.pdf" at page 661.

Regards.
Elliot.Mackenzi
Regular Contributor.

Re: UCMDB Authentication methods

I should mention we are currently working with 7.01.

I note the comment above in relation to LDAP support for 7.50. Is LDAP authentication also supported with 7.01? I could not find any references to LDAP in the Reference Guide for 7.01.

Regards,
Elliot.
Dmitry Shevchenko
HPE Expert

Re: UCMDB Authentication methods

No, LDAP authentication is not supported before uCMDB 7.50.
Kirk Dahl
Super Contributor.

Re: UCMDB Authentication methods

It took a day and lack of information in the PDFs, I got my Active Directory authentication to work with uCMDB, using information from BAC.

Here is the items you need to set in the Ldap Configuration.

Remote users repository mode Enabled

UUID attribute = sAMAccountName
Users object class = user
Users filter = (&(sAMAccountName=*)(objectclass=user))
Groups member attribute = member
Group class object = group
LDAP server URL ldap://server1.ldap.company.com:389/dc=users,dc=company,dc=mcom,dc=com??sub
Distinguished Name (DN) Resolution =true
Distinguished Name of Search-Entitled User

The last one is the one that caused me most grief. Just put in short name of DN user(admin) I tried fully qualified.

Also, if you lock yourself out of uCMDB, we fould that you go to browser http://ucmdbserver:8080/jmx-console

Login with admin/admin

Then find the Foundations, service=users-remote-repository bean, open that and then set the RemoteUserRepositoryMode to Disabled, then this turns off ldap so you can log back in with your preset admin account to ucmdb.