By default, when vRealize Log Insight connects to Active Directory, it first tries non-SSL LDAP, and then SSL LDAP if necessary.

If you want to limit the Active Directory communication to one particular protocol, or want to change the order of protocols that are tried, you must apply additional configurations in the vRealize Log Insight virtual appliance.

Verify that you have the root user credentials to log in to the vRealize Log Insight virtual appliance. See Configure the Root SSH Password for the Log Insight Virtual Appliance.

To enable SSH connections, verify that TCP port 22 is open.

1. Establish an SSH connection to the vRealize Log Insight virtual appliance and log in as the root user.
2. Navigate to the following location: /storage/var/loginsight/config
3. Locate the latest configuration file where [number] is the largest: /storage/core/loginsight/config/loginsight-config.xml#[number]
4. Copy the latest configuration file: /storage/core/loginsight/config/loginsight-config.xml#[number]
5. Increase the [number] and save to the following location: /storage/core/loginsight/config/loginsight-config.xml#[number + 1]
6. Open the file for editing.
7. In the Authentication section, add the line that corresponds to the configuration that you want to apply:

| Option | Description |
| --- | --- |
| <ad-protocols value="LDAP" /> | For specifically using LDAP without SSL |
| <ad-protocols value="LDAPS" /> | For specifically using LDAP with SSL only |
| <ad-protocols value="LDAP,LDAPS" /> | For specifically using LDAP first and then using LDAP with SSL |
| <ad-protocols value="LDAPS,LDAP" /> | For specifically using LDAPS first and then using LDAP without SSL |

When you do not select a protocol, vRealize Log Insight attempts to use LDAP first, and then uses LDAP with SSL.

8. Save and close the file.
9. Run the service loginsight restart command.
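
The copy-and-increment steps (3 to 5) and a check of the line added in step 7, as an added shell example that is not VMware's own tooling. The function names are hypothetical, and the configuration directory is passed as an argument rather than assumed.

```shell
#!/bin/sh
# Added example: helper functions for steps 3-7 (hypothetical names).

# Print the largest [number] among loginsight-config.xml#[number] in dir $1.
# Compares numerically, so #10 ranks above #9 (a lexical sort would not).
latest_config_number() {
    max=""
    for f in "$1"/loginsight-config.xml#*; do
        [ -f "$f" ] || continue
        n=${f##*\#}
        case "$n" in ''|*[!0-9]*) continue ;; esac   # skip non-numeric suffixes
        if [ -z "$max" ] || [ "$n" -gt "$max" ]; then max=$n; fi
    done
    [ -n "$max" ] && echo "$max"
}

# Steps 3-5: copy the latest file to [number + 1], keeping mode and
# timestamps, and print the new path for editing in step 6.
copy_to_next_config() {
    dir=$1
    n=$(latest_config_number "$dir") || { echo "no config in $dir" >&2; return 1; }
    new="$dir/loginsight-config.xml#$((n + 1))"
    cp -p "$dir/loginsight-config.xml#$n" "$new" && echo "$new"
}

# Step 7 check: classify the first ad-protocols line in file $1.
# Prints "ldaps-only", "allows-plain-ldap", or "default" (no line present, so
# LDAP is tried first, then LDAP with SSL). Returns 1 on any other value.
check_ad_protocols() {
    line=$(grep -o '<ad-protocols value="[^"]*"' "$1" | head -n 1)
    [ -n "$line" ] || { echo "default"; return 0; }
    val=${line#*\"}; val=${val%\"}
    case "$val" in
        LDAPS) echo "ldaps-only" ;;
        LDAP|LDAP,LDAPS|LDAPS,LDAP) echo "allows-plain-ldap" ;;
        *) echo "unrecognized value: $val" >&2; return 1 ;;
    esac
}

# Usage on the appliance, with the directory from steps 3-5:
#   new=$(copy_to_next_config /storage/core/loginsight/config)
#   (edit "$new" as in steps 6-8)
#   check_ad_protocols "$new"
```

Run check_ad_protocols before the restart in step 9: only "ldaps-only" means the appliance will never fall back to LDAP without SSL.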