Set up ServerView Operations Manager and the Directory Service Environment.
For details on how to set up the environment, refer to the manual of the relevant product.
Note
Do not modify the LDAP port number of OpenDS.
Coordination of User Operations on Resource Orchestrator and Directory Service
Whether user operations performed from Resource Orchestrator are reflected on the directory service or not is determined by the settings in the directory service operation definition file (ldap_attr.rcxprop).
For details, refer to "8.6.1 Settings for Tenant Management and Account Management" in the "Operation Guide CE". By default, the content of operations is reflected on the directory service.
User information of Resource Orchestrator is created in the following location.
When Using Active Directory
cn=Users,Base_DN
When Using OpenDS
ou=users,Base_DN
When using a user account of the existing directory service as the user of Resource Orchestrator, edit the directory service operation definition file so that the operation content will not be reflected.
Note
If the directory service operation definition file includes the setting which reflects the content of operations, when a user is deleted from Resource Orchestrator, the corresponding user account will be deleted from the directory service as well. Exercise caution when using an existing directory service for user management on another system.
When Using a User already Registered with Active Directory as a Resource Orchestrator User
When using Active Directory for directory service, select the attributes to search the user ID for logging in to Resource Orchestrator, "User Search Filter" using directory service settings during ServerView Operations Manager installation. When using the application process, set the sAMAccountName attributes for "User Search Filter".
When performing Single Sign-On using Active Directory and when using a user already registered to Active Directory as a Resource Orchestrator user, it is possible to change the User Search Area from the Default location. To change the User Search Area from the Default, it is necessary to change the "User Search Base" in the "Directory Service Configurations" which was specified when installing ServerView Operations Manager.
For details on "Use Search Filter" and "User Search Base" in "Directory Service Configurations", refer to the following manual.
"Menu-Driven Installation of the Operations Manager Software" in the "ServerView Suite ServerView Operations Manager Installation Guide"
The information specified for "User Search Base" is stated in the file explained in the following manual. For details on how to change the user search base, refer to the following manual.
"Configuring directory service access" in "ServerView Suite User Management in ServerView"
For setting up Resource Orchestrator, it is necessary to establish communication beforehand, since communication between the manager and the directory service requires LDAP (Lightweight Directory Access Protocol) of the TCP/IP protocol protected by SSL.
Use tools or commands to check communications.
When the directory server is Microsoft Active Directory
For details, refer to the Microsoft web site below.
How to enable LDAP over SSL with a third-party certification authority
URL: http://support.microsoft.com/kb/321051/en/ |
When Installing ServerView Operations Manager Again
When using the OpenDS bundled with ServerView Operations Manager, back up the user information before uninstalling ServerView Operations Manager, if it becomes necessary to install ServerView Operations Manager again.
Restore the user information in OpenDS, after installing ServerView Operations Manager again.
For details on the backup and restore of OpenDS, refer to the ServerView Operations Manager manual.
