When you import user account information from an LDAP database that resides on another machine, you must define the criteria used to import the user accounts from the source machine. You indicate the type of directory service that holds the user account information, select SSL/TLS if secure communication is required, choose whether to synchronize the imported users to groups in vRealize Operations Manager, and provide advanced settings to locate specific user accounts.

To add or edit LDAP import sources, click Administration and click LDAP Import Sources. To add an LDAP import source, click the plus sign and provide the LDAP import source information in the Add Source dialog box. To edit an LDAP import source, click the pencil icon and update the LDAP import source information.

LDAP Import Sources: Add or Edit Source for User and Group Import

The following options appear in the Add Source and Edit Source dialog boxes. Each option name is followed by its description.

Source Display Name

Meaningful name that you assign to the LDAP import source.

Source Type

Indicates the directory access technology used to reach the source machine where the LDAP database of user accounts resides. Options include:

Open LDAP. A platform-independent protocol that provides access to an LDAP database on another machine to import user accounts.

Active Directory. Microsoft directory access technology used to import user accounts from an LDAP database on a Windows machine. vRealize Operations Manager supports Windows Server 2003 SP2 or Windows Server 2008 and later versions.

Other. Specifies any other LDAP-based directory service, such as Novell or OpenDJ, used to import user accounts from an LDAP database on a Linux or Mac machine.

Integration Mode: Basic settings

Applies basic settings to integrate the LDAP import source with the instance of vRealize Operations Manager.

Use Basic integration mode to have vRealize Operations Manager discover the host machine where the LDAP database resides, and set the base distinguished name (Base DN) used to search for users. You provide the name of the domain and the subdomain, which vRealize Operations Manager uses to populate the Host and Base DN details, and the name and password of the user who can log in to the LDAP host machine.

In Basic mode, vRealize Operations Manager attempts to fetch the host and port from the DNS server, and obtain the Global Catalog and domain controllers for the domain, with preference given to SSL/TLS-enabled servers.

Domain/Subdomain. Domain information for the LDAP user account.

Use SSL/TLS. When selected, vRealize Operations Manager uses the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to provide secure communication when you import users from an LDAP database. You do not need to install the SSL/TLS certificate. Instead, vRealize Operations Manager prompts you to view and verify the thumbprint, and accept the LDAP server certificate. Compare the displayed thumbprint with the value obtained from the LDAP server's administrator through a separate channel before you accept it; accepting an unverified certificate would let a machine impersonating the LDAP server receive the bind credentials. After you accept the certificate, the LDAP communication proceeds.

User Name. Name of the user account that can log in to the LDAP host machine.

Reset Password. Reset the password of the user account that can log in to the LDAP host machine.

Automatically synchronize user membership for configured groups. When selected, enables vRealize Operations Manager to map imported LDAP users to user groups.

Host. Name or IP address of the host machine where the LDAP user database resides.

Port. Port used for the import. Use port 389 if you are not using SSL/TLS, or port 636 if you are using SSL/TLS, or another port number of your choice. Global Catalog ports are 3268 for non-SSL/TLS, and 3269 for SSL/TLS.

Base DN. Base distinguished name for the user search. vRealize Operations Manager locates only users under the Base DN. The Base DN is the directory entry at which the user search starts; an imported user's distinguished name (DN) is located relative to it, so you do not need to specify the full path to each user account or repeat the domain components. Although vRealize Operations Manager populates the Base DN, an administrator must verify the Base DN before saving the LDAP configuration.

Common Name. LDAP attribute used to identify the user name. The default attribute for Active Directory is userPrincipalName.
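The Use SSL/TLS setting in both the Basic and Advanced rows relies on the administrator checking a thumbprint by eye. The script below is an added example, not vRealize Operations Manager code, showing how to obtain the LDAP server's certificate thumbprint independently of the product dialog and compare it with the value the LDAP administrator supplied. The host name, the expected thumbprint, and the use of port 636 as the SSL/TLS port are placeholders taken from the table's conventions; the product's own thumbprint format is assumed to be the colon-separated hex digest that most consoles display.

```python
"""Out-of-band check of an LDAP server's certificate thumbprint before it is
accepted in the Use SSL/TLS dialog. Added example, not product code; the
host, port and expected thumbprint below are placeholders."""
import hashlib
import hmac
import ssl

LDAP_HOST = "ldap.corp.example.com"   # placeholder host name
LDAPS_PORT = 636                      # SSL/TLS port from the table


def fingerprint_from_der(der: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of a DER-encoded certificate,
    the form in which consoles and browsers usually display a thumbprint."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_from_pem(pem: str, algorithm: str = "sha256") -> str:
    """Same digest, starting from the PEM text that ssl returns."""
    return fingerprint_from_der(ssl.PEM_cert_to_DER_cert(pem), algorithm)


def fetch_server_fingerprints(host: str = LDAP_HOST, port: int = LDAPS_PORT) -> dict:
    """Connect to the LDAPS port, download the leaf certificate without
    validating it (the point is to establish what to trust) and return its
    SHA-1 and SHA-256 thumbprints for comparison with the admin-supplied value."""
    pem = ssl.get_server_certificate((host, port))
    return {alg: fingerprint_from_pem(pem, alg) for alg in ("sha1", "sha256")}


def normalize_thumbprint(value: str) -> str:
    """Drop colons, spaces and case so that different display formats compare equal."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def thumbprints_match(shown: str, expected: str) -> bool:
    """Compare the thumbprint the product shows with the one obtained out of band.
    Uses a constant-time comparison once both are normalized."""
    a, b = normalize_thumbprint(shown), normalize_thumbprint(expected)
    return len(a) == len(b) and hmac.compare_digest(a.encode(), b.encode())


if __name__ == "__main__":
    EXPECTED_SHA256 = "PLACEHOLDER-THUMBPRINT-FROM-LDAP-ADMIN"
    fps = fetch_server_fingerprints()
    for alg, fp in fps.items():
        print(f"{alg}: {fp}")
    verdict = "accept" if thumbprints_match(fps["sha256"], EXPECTED_SHA256) else "DO NOT ACCEPT"
    print(verdict)
```

Run it from a workstation that can reach the LDAP host on the SSL/TLS port, then compare its SHA-256 line with the thumbprint shown in the product dialog and with the value the directory team provided. Only when all three agree is the certificate safe to accept.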

Integration Mode: Advanced settings

Applies advanced settings to integrate the LDAP import source with the instance of vRealize Operations Manager.

Use Advanced integration mode to manually provide the host name and base distinguished name (Base DN) to have vRealize Operations Manager import users. You provide the name and password of the user who can log in to the LDAP host machine.

Host. Name or IP address of the host machine where the LDAP user database resides.

Use SSL/TLS. When selected, vRealize Operations Manager uses the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to provide secure communication when you import users from an LDAP database. You do not need to install the SSL/TLS certificate. Instead, vRealize Operations Manager prompts you to view and verify the thumbprint, and accept the LDAP server certificate. Compare the displayed thumbprint with the value obtained from the LDAP server's administrator through a separate channel before you accept it; accepting an unverified certificate would let a machine impersonating the LDAP server receive the bind credentials. After you accept the certificate, the LDAP communication proceeds.

Base DN. Base distinguished name for the user search. vRealize Operations Manager locates only users under the Base DN. The Base DN is the directory entry at which the user search starts; an imported user's distinguished name (DN) is located relative to it, so you do not need to specify the full path to each user account or repeat the domain components. Although vRealize Operations Manager populates the Base DN, an administrator must verify the Base DN before saving the LDAP configuration.

User Name. Name of the user account that can log in to the LDAP host machine.

Reset Password. Reset the password of the user account that can log in to the LDAP host machine.

Automatically synchronize user membership for configured groups. When selected, enables vRealize Operations Manager to map imported LDAP users to user groups.

Common Name. LDAP attribute used to identify the user name. The default attribute for Active Directory is userPrincipalName.

Port. Port used for the import. Use port 389 if you are not using SSL/TLS, or port 636 if you are using SSL/TLS, or another port number of your choice. Global Catalog ports are 3268 for non-SSL/TLS, and 3269 for SSL/TLS.
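The Base DN description in both the Basic and Advanced rows says that only users under the Base DN are found and that the populated value must be verified. The following added example, which is not vRealize Operations Manager code, shows what that scoping means in practice: it derives a Base DN from a domain name using the usual Active Directory convention (whether the product derives it in exactly this way is an assumption, which is why the page asks the administrator to verify it) and checks whether a given user DN falls under a Base DN, comparing components case-insensitively and honouring backslash-escaped commas in values. The sample DNs are constructed.

```python
"""Base DN scoping for an LDAP user import.
Added example, not product code; the DNs used below are constructed."""
from typing import List, Tuple


def domain_to_base_dn(domain: str) -> str:
    """Map a DNS domain such as corp.example.com to DC=corp,DC=example,DC=com.

    This is the common Active Directory convention. That the product derives
    the populated Base DN exactly this way is an assumption; verify the value
    it shows before saving, as the page instructs."""
    labels = [label for label in domain.strip().strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain")
    return ",".join(f"DC={label}" for label in labels)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute type, value) pairs, left to right as written.

    Backslash-escaped characters (RFC 4514) are kept with the value, so a
    comma inside 'CN=Doe\\, Jane' does not start a new component. Types and
    values are lower-cased and trimmed for comparison."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr_type, value = part.split("=", 1)
        rdns.append((attr_type.strip().lower(), value.strip().lower()))
    return rdns


def is_under_base_dn(user_dn: str, base_dn: str) -> bool:
    """True when user_dn sits at or below base_dn in the directory tree,
    which is the set of entries a search scoped to base_dn can return."""
    user, base = parse_dn(user_dn), parse_dn(base_dn)
    if len(base) > len(user):
        return False
    return user[len(user) - len(base):] == base


if __name__ == "__main__":
    base = domain_to_base_dn("corp.example.com")
    print("Base DN:", base)
    for dn in ("CN=Jane Doe,OU=Users,DC=corp,DC=example,DC=com",
               "CN=Bob Roe,OU=Users,DC=lab,DC=example,DC=com"):
        print(f"{dn}: {'in scope' if is_under_base_dn(dn, base) else 'out of scope'}")
```

The second user is out of scope even though the domains share a parent, which is the situation an administrator runs into when the populated Base DN points at the wrong subdomain and the import silently returns fewer users than expected.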

Search Criteria

Displays the search criteria settings.

Although vRealize Operations Manager populates part of the search criteria, an administrator must verify that the settings are correct for the properties of the LDAP type.

Group Search Criteria. Search criteria to find LDAP groups. If not included, vRealize Operations Manager uses the default search parameters: (|(objectClass=group)(objectClass=groupOfNames))

Member Attribute. Name of the attribute for a group object that contains the list of members. If not included, vRealize Operations Manager uses member by default.

User Search Criteria. Search filter that uses the member field to find and cache LDAP users. You type sets of key=value pairs in the form (|(key1=value1)(key2=value2)). If not included, vRealize Operations Manager searches for each user separately, which might take extra time.

Member Match Field. Name of the attribute for a user object to match with the member entry from a group object. If not included, vRealize Operations Manager treats the member entry as a distinguished name.

LDAP Context Attributes. Attributes that vRealize Operations Manager applies to the LDAP context environment. You type sets of key=value pairs separated by commas, such as java.naming.referral=ignore,java.naming.ldap.deleteRDN=false.
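The Search Criteria settings interact: the Group Search Criteria filter selects the groups, the Member Attribute names where each group lists its members, and the Member Match Field decides whether a member value is treated as a DN or matched against a user attribute. The following added example, which is not vRealize Operations Manager code, models that resolution against a small directory constructed inline so it runs offline. The product's own filter evaluation is not available here, so a minimal evaluator for the (attr=value), (&...), (|...) and (!...) forms is assumed in its place; it also shows why values copied into the (|(key1=value1)(key2=value2)) form should be escaped per RFC 4515.

```python
"""Search-criteria handling for an LDAP group import.
Added example, not product code. The directory is constructed inline and the
filter evaluator stands in for the product's real LDAP search."""
import re
from typing import Dict, List, Optional, Tuple

BASE_DN = "DC=corp,DC=example,DC=com"
DEFAULT_GROUP_FILTER = "(|(objectClass=group)(objectClass=groupOfNames))"  # page default

# Constructed sample directory: entry DN -> attributes.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "CN=Jane Doe,OU=Users,DC=corp,DC=example,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["jdoe"]},
    "CN=Bob Roe,OU=Users,DC=corp,DC=example,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["broe"]},
    # Lists members by DN, the page's default interpretation of the member entry.
    "CN=vrops-admins,OU=Groups,DC=corp,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": ["CN=Jane Doe,OU=Users,DC=corp,DC=example,DC=com"]},
    # Lists members by account name, so it only resolves with a Member Match Field.
    "CN=vrops-readers,OU=Groups,DC=corp,DC=example,DC=com": {
        "objectClass": ["groupOfNames"], "member": ["jdoe", "broe"]},
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a value taken from a group entry or a form field
    must not be able to change the structure of the filter it is placed in."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_or_filter(pairs: List[Tuple[str, str]]) -> str:
    """Build the (|(key1=value1)(key2=value2)) form the page describes."""
    return "(|" + "".join(f"({k}={escape_filter_value(v)})" for k, v in pairs) + ")"


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(expr: str, pos: int):
    """Recursive-descent parse of one filter starting at expr[pos]."""
    if expr[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if expr[pos] in "&|!":
        op, pos, children = expr[pos], pos + 1, []
        while expr[pos] == "(":
            child, pos = _parse(expr, pos)
            children.append(child)
        if expr[pos] != ")" or not children:
            raise ValueError("malformed compound filter")
        return (op, children), pos + 1
    end = expr.index(")", pos)          # an escaped ')' never appears literally
    attr, sep, value = expr[pos:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed filter item: {expr[pos:end]!r}")
    return ("=", attr.strip(), value), end + 1


def parse_filter(expr: str):
    node, pos = _parse(expr, 0)
    if pos != len(expr):
        raise ValueError("trailing characters after filter")
    return node


def matches(node, attrs: Dict[str, List[str]]) -> bool:
    """Evaluate a parsed filter against one entry (attribute names are case-insensitive)."""
    if node[0] == "=":
        _, attr, value = node
        have = [v.lower() for k, vals in attrs.items() if k.lower() == attr.lower() for v in vals]
        return _unescape(value).lower() in have
    op, children = node
    if op == "&":
        return all(matches(c, attrs) for c in children)
    if op == "|":
        return any(matches(c, attrs) for c in children)
    return not matches(children[0], attrs)


def search(filter_expr: str, base_dn: str = BASE_DN) -> List[str]:
    """Return the DNs at or below base_dn that satisfy the filter."""
    node, base = parse_filter(filter_expr), base_dn.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if (dn.lower() == base or dn.lower().endswith("," + base)) and matches(node, attrs)]


def resolve_members(member_attribute: str = "member",
                    member_match_field: Optional[str] = None,
                    group_filter: str = DEFAULT_GROUP_FILTER) -> Dict[str, List[str]]:
    """Map each group to the user DNs its member values resolve to.
    With member_match_field None every member value is treated as a DN (the
    page's default); otherwise it is matched against that user attribute."""
    by_dn = {dn.lower(): dn for dn in DIRECTORY}
    out: Dict[str, List[str]] = {}
    for group_dn in search(group_filter):
        resolved = []
        for value in DIRECTORY[group_dn].get(member_attribute, []):
            if member_match_field is None:
                hit = by_dn.get(value.lower())
                if hit is not None:
                    resolved.append(hit)
            else:
                resolved.extend(search(build_or_filter([(member_match_field, value)])))
        out[group_dn] = resolved
    return out
```

Calling resolve_members() with the defaults resolves the admins group but leaves the readers group empty, because its member values are account names rather than DNs; setting member_match_field to sAMAccountName reverses the result. That is the mismatch the page's instruction to verify the search criteria against the LDAP type is guarding against, and the escaping test shows that a member value containing filter metacharacters is matched literally instead of widening the search.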

Test

Tests whether the host machine can be reached with the credentials provided. Even if the connection test succeeds, users who use the search feature must have read permission in the LDAP source.

This test does not verify the accuracy of the Base DN or Common Name entries.