To create an environment for Systemwalker Runbook Automation, register the required user information on a directory service. This section explains the registration method for each authentication protocol. Register user information in accordance with the authentication protocol being used.
Note
Users, groups and organizational units only need to be registered with the LDAP directory for the initial setup after installation. This is not required when the setup is canceled and then performed again.
There is no need to create organizational units if the LDAP directory is to be operated using organizational units that have already been created.
The users and groups created in this chapter are the ones required for Systemwalker Runbook Automation to run. Be sure to create these users and groups.
Refer to the Systemwalker Runbook Automation Operation Guide for details on how to create and register users that will actually perform operations.
Creating an LDIF file by copying the examples from this manual is discouraged, because the Web browser or viewer program may drop line feeds or insert them twice. Using the sample files in accordance with the procedures in this manual is recommended.
If you must copy an example from this manual, create the LDIF file while carefully confirming that the line feeds match those displayed in the manual.
To use authentication using the Interstage Single Sign-On function, register user information with the Interstage Directory Service.
This section describes the procedure for registering users with the Interstage Directory Service.
This section describes how to register users using LDIF files.
Note
For details on LDIF files, refer to the Interstage Application Server Directory Service Operator's Guide.
Information
User information can also be registered using the GUI entry management tool. For details, refer to the Interstage Application Server Directory Service Operator's Guide.
How to Register User Information Using Sample LDIF File
This section describes how to register the user information required to build a Systemwalker Runbook Automation environment by using a sample LDIF file that defines the user information.
The sample LDIF files are stored in the following location:
[Windows]
Systemwalker Runbook Automation Install directory for Management Server\etc\sample\ldif
[Linux]
/etc/opt/FJSVswrbam/sample/ldif/
LDIF File | Explanation |
---|---|
swrba_sso_sample.ldif | This is an LDIF file for creating users, groups and organizational units, and for adding users to groups. Use this sample if you use the Interstage Single Sign-On authentication infrastructure. |
swrba_no_sso_sample.ldif | This is an LDIF file for creating users, groups and organizational units, and for adding users to groups. Use this sample if you do not use the Interstage Single Sign-On authentication infrastructure. |
These samples assume the following LDAP configuration.
Edit the file according to your LDAP environment, and be sure to change the password for the process control user and the password for the schedule startup user.
Public directory | ou=interstage,o=fujitsu,dc=com |
Organizational Units for registering user | ou=User |
Organizational Units for registering group | ou=Group |
User for process control | swrbaadmin |
User password for process control | systemwalker#1 |
User for schedule startup | swrbasch |
Password of user for schedule startup | systemwalker#2 |
For a detailed explanation of the contents of the LDIF file, refer to "How to Create and Register LDIF File".
Use the ldapmodify command to register the definition information in the LDIF file with LDAP:
[Windows]
ldapmodify -H ldap://<Interstage Directory Service host name>:<port number> -D "<administrator DN>" -w <password> -a -f <edited LDIF file> |
[Linux]
/opt/FJSVirepc/bin/ldapmodify -H ldap://<Interstage Directory Service host name>:<port number> -D "<administrator DN>" -w <password> -a -f <edited LDIF file> |
Example
Interstage Directory Service host name: hostname
Port number: 389
Administrator DN: cn=manager, ou=interstage, o=fujitsu, dc=com
Manager DN password: password
Name of the LDIF file that was edited: rbauser.ldif
[Windows]
ldapmodify -H ldap://hostname:389 -D "cn=manager,ou=interstage,o=fujitsu,dc=com" -w password -a -f rbauser.ldif |
[Linux]
/opt/FJSVirepc/bin/ldapmodify -H ldap://hostname:389 -D "cn=manager,ou=interstage,o=fujitsu,dc=com" -w password -a -f rbauser.ldif |
For details on the ldapmodify command, refer to "Interstage Directory Service Operation Commands" in the Interstage Application Server Reference Manual (Command Edition).
How to Create and Register LDIF File
This section describes how to create LDIF files for registering the following user information.
Although this section creates three LDIF files, the same information can also be registered with LDAP by combining everything into a single file.
LDIF file for creating Organizational Units (OU)
This section explains the definitions for registering the organizational units (OUs) shown in the following table with LDAP.
Name of the organizational unit (OU) to be created | Whether an arbitrary name can be specified |
---|---|
Group | Yes |
User | Yes |
Point
Organizational units (OUs) can be layered.
Create an LDIF file for registering the organizational units (OUs) in accordance with the setting examples.
The "User" group is created automatically when the repository is created.
To use the "User" group as the group for managing users, prepare an LDIF file that registers only the "Group" organizational unit, as below.
dn: ou=Group,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: Group
To use a group with a name other than "User" as the group for managing users, prepare an LDIF file that registers two organizational units (one for managing groups and the other for managing users), as below.
dn: ou=Group,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: Group

dn: ou=<ou name except User>,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: <ou name except User>
Note that the %...% parts of the file should be replaced with the elements in the list below.
Replace Target List
Replace target symbol | Setting value after replacing |
---|---|
%DOMAIN% | Public directory (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating the LDAP directory, this value must be specified for the LDAP key name when the setup is executed. |
Point
For details on the object classes and attributes specified in the setting examples, refer to "Interstage Directory Service Object Classes" and "Interstage Directory Service Attributes" in the Interstage Application Server Directory Service Operator's Guide.
LDIF file for registering users
This section explains the definitions for registering the users shown in the following table with LDAP.
User name | Password | Description |
---|---|---|
swrbaadmin | systemwalker#1 | User required by Systemwalker Runbook Automation to control processes. (mandatory) |
swrbasch (Note 1) | systemwalker#2 (Note 2) | User required by Systemwalker Runbook Automation to start the Automated Operation Process according to a schedule (mandatory) |
Note 1
This is the recommended user name, but any name can be specified.
Note 2
Systemwalker#1 and Systemwalker#2 are the default values. This can be changed to any password, except one containing $, \, ", and spaces.
Create an LDIF file to register users in accordance with the setting examples.
Setting example 1: In case of using Interstage Single Sign-On
dn: uid=swrbaadmin,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: ssoUser
cn: swrbaadmin
sn: swrbaadmin
givenName: swrbaadmin
userPassword: systemwalker#1
uid: swrbaadmin

dn: uid=swrbasch,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: ssoUser
cn: swrbasch
sn: swrbasch
givenName: swrbasch
userPassword: systemwalker#2
uid: swrbasch
Setting example 2: In case of not using Interstage Single Sign-On
dn: uid=swrbaadmin,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: swrbaadmin
sn: swrbaadmin
givenName: swrbaadmin
userPassword: systemwalker#1
uid: swrbaadmin

dn: uid=swrbasch,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: swrbasch
sn: swrbasch
givenName: swrbasch
userPassword: systemwalker#2
uid: swrbasch
Note that the %...% parts of the file should be replaced with the elements in the list below.
Replace Target List
Replace target symbol | Setting value after replacing |
---|---|
%DOMAIN% | Public directory (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating the LDAP directory, this value must be specified for the LDAP key name when the setup is executed. |
%USER% | The "User" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) User Note: To execute the setup after creating the LDAP directory, "ou=<%USER% setting value>" must be specified for the organizational unit that stores user accounts when the setup is executed. |
Point
For details on the object classes and attributes specified in the setting examples, refer to "Interstage Directory Service Object Classes" and "Interstage Directory Service Attributes" in the Interstage Application Server Directory Service Operator's Guide.
LDIF file for registering groups and adding users
This section explains the definitions for registering the groups shown in the following table.
Group name | Members |
---|---|
AdminRole |
|
IflowUsers |
|
IflowGroups |
|
swrba_Exe |
|
Role |
|
Note
Do not assign any users other than swrbaadmin to the swrba_Exe group.
If users other than swrbaadmin are assigned to this group, errors may occur in Automated Operation Processes.
Create an LDIF file to register groups and add users in accordance with the setting example.
Setting example
dn: cn=AdminRole,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: AdminRole
member: uid=swrbaadmin,ou=%USER%,%DOMAIN%
member: uid=swrbasch,ou=%USER%,%DOMAIN%

dn: cn=IflowUsers,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: IflowUsers
member: uid=swrbaadmin,ou=%USER%,%DOMAIN%
member: uid=swrbasch,ou=%USER%,%DOMAIN%

dn: cn=IflowGroups,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: IflowGroups
member: cn=AdminRole,ou=%GROUP%,%DOMAIN%
member: cn=swrba_Exe,ou=%GROUP%,%DOMAIN%
member: cn=Role,ou=%GROUP%,%DOMAIN%

dn: cn=swrba_Exe,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: swrba_Exe
member: uid=swrbaadmin,ou=%USER%,%DOMAIN%

dn: cn=Role,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: Role
member: uid=swrbaadmin,ou=%USER%,%DOMAIN%
Note that the %...% parts of the file should be replaced with the elements in the list below.
Replace Target List
Replace target symbol | Setting value after replacing |
---|---|
%DOMAIN% | Public directory (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating the LDAP directory, this value must be specified for the LDAP key name when the setup is executed. |
%USER% | The "User" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) User Note: To execute the setup after creating the LDAP directory, "ou=<%USER% setting value>" must be specified for the organizational unit that stores user accounts when the setup is executed. |
%GROUP% | The "Group" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) Group Note: To execute the setup after creating the LDAP directory, "ou=<%GROUP% setting value>" must be specified for the organizational unit that stores user accounts when the setup is executed. |
Point
For details on the object classes and attributes specified in the setting examples, refer to "Interstage Directory Service Object Classes" and "Interstage Directory Service Attributes" in the Interstage Application Server Directory Service Operator's Guide.
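A pre-registration check for an edited LDIF file, added here as an example (it is not part of the manual or of Systemwalker Runbook Automation): it looks for the line feed damage described in the note at the start of this section, unreplaced %...% symbols, the manual's default passwords, passwords containing the disallowed characters, and members other than swrbaadmin in swrba_Exe. The function names and the sample data are constructed for illustration.

```python
import base64
import re

# Values from the manual: default passwords, characters it disallows in
# passwords, and the %...% replacement symbols of the setting examples.
DEFAULT_PASSWORDS = {"systemwalker#1", "systemwalker#2"}
FORBIDDEN_PW_CHARS = set('$\\" ')
PLACEHOLDER = re.compile(r"%(DOMAIN|USER|GROUP)%", re.IGNORECASE)
# An "attr: " token inside a value means a line feed was dropped when copying.
FUSED = re.compile(
    r"\s(dn|changetype|objectClass|ou|cn|sn|uid|givenName|userPassword|member):\s",
    re.IGNORECASE,
)


def split_attr(line):
    """Return (attribute, value) for one logical line; attribute is "" if malformed."""
    attr, sep, value = line.partition(":")
    if not sep:
        return "", line.strip()
    if value.startswith(":"):  # "attr:: <base64 value>"
        try:
            return attr.strip(), base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        except ValueError:
            return attr.strip(), value.strip()
    return attr.strip(), value.strip()


def parse_entries(text):
    """Split LDIF text on blank lines into entries of (lineno, attribute, value)."""
    entries, current = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():                      # blank line closes an entry
            if current:
                entries.append(current)
            current = []
        elif line.startswith(" ") and current:    # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        elif not line.startswith("#"):            # skip comments
            current.append((lineno, line))
    if current:
        entries.append(current)
    return [[(n, *split_attr(l)) for n, l in entry] for entry in entries]


def lint_ldif(text):
    """Return sorted (lineno, message) findings; password values are never echoed."""
    findings = []
    for entry in parse_entries(text):
        first_line, first_attr, first_value = entry[0]
        dn = first_value.lower() if first_attr.lower() == "dn" else ""
        if not dn:
            findings.append((first_line, "entry does not begin with 'dn:' (doubled line feed?)"))
        for i, (lineno, attr, value) in enumerate(entry):
            name = attr.lower()
            if not attr:
                findings.append((lineno, "line is not in 'attribute: value' form"))
            if name == "dn" and i > 0:
                findings.append((lineno, "'dn:' inside an entry (blank separator line missing)"))
            if FUSED.search(value):
                findings.append((lineno, "several attributes on one line (line feed dropped)"))
            if PLACEHOLDER.search(value):
                findings.append((lineno, "replacement symbol %...% was not replaced"))
            if name == "userpassword" and value in DEFAULT_PASSWORDS:
                findings.append((lineno, "default password from the manual is still set"))
            if name == "userpassword" and FORBIDDEN_PW_CHARS & set(value):
                findings.append((lineno, 'password contains $, \\, " or a space'))
            if name == "member" and dn.startswith("cn=swrba_exe,"):
                if value.split(",")[0].partition("=")[2].strip().lower() != "swrbaadmin":
                    findings.append((lineno, "swrba_Exe must contain only swrbaadmin"))
    return sorted(findings)


# Constructed sample containing typical copy-and-paste and editing mistakes.
SAMPLE = """\
dn: ou=Group,ou=interstage,o=fujitsu,dc=com
changetype: add
objectClass: organizationalUnit
ou: Group
dn: uid=swrbaadmin,ou=%USER%,ou=interstage,o=fujitsu,dc=com
changetype: add objectClass: inetOrgPerson
userPassword: systemwalker#1

cn: swrbaadmin

dn: cn=swrba_Exe,ou=Group,ou=interstage,o=fujitsu,dc=com
changetype: add
objectClass: groupOfNames
cn: swrba_Exe
member: uid=swrbaadmin,ou=User,ou=interstage,o=fujitsu,dc=com
member: uid=swrbasch,ou=User,ou=interstage,o=fujitsu,dc=com
"""


if __name__ == "__main__":
    for lineno, message in lint_ldif(SAMPLE):
        print(f"line {lineno}: {message}")
```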
Registering procedure
Register the organizational units, groups and users with the Interstage Directory Service.
The following example shows how to register entry data using the ldapmodify command and an LDIF file:
[Windows]
ldapmodify -H ldap://<Interstage Directory Service host name>:<port number> -D "<administrator DN>" -w <password> -a -f <edited LDIF file> |
[Linux]
/opt/FJSVirepc/bin/ldapmodify -H ldap://<Interstage Directory Service host name>:<port number> -D "<administrator DN>" -w <password> -a -f <edited LDIF file> |
Example
Interstage Directory Service host name: hostname
Port number: 389
Manager DN: cn=manager, ou=interstage, o=fujitsu, dc=com
Manager DN password: password
Edited LDIF file: rbauser.ldif
[Windows]
ldapmodify -H ldap://hostname:389 -D "cn=manager,ou=interstage,o=fujitsu,dc=com" -w password -a -f rbauser.ldif |
[Linux]
/opt/FJSVirepc/bin/ldapmodify -H ldap://hostname:389 -D "cn=manager,ou=interstage,o=fujitsu,dc=com" -w password -a -f rbauser.ldif |
For details on the ldapmodify command, refer to "Interstage Directory Service Operation Commands" in the Interstage Application Server Reference Manual (Command Edition).
To use ServerView Operations Manager Single Sign-On authentication, register user information with OpenDJ/OpenDS or Active Directory.
This section explains the procedure for registering users with OpenDJ/OpenDS.
This section explains how to register user information using LDIF files, which is one of the methods for registering users.
How to register user information using a sample LDIF file
This section explains how to register the user information required to create a Systemwalker Runbook Automation environment by using a sample LDIF file that defines the user information.
The sample LDIF file is stored in the following location:
[Windows]
<Installation directory for the Systemwalker Runbook Automation Management Server>\etc\sample\ldif
[Linux]
/etc/opt/FJSVswrbam/sample/ldif/
LDIF file | Description |
---|---|
swrba_svsso_sample.ldif | This is an LDIF file for creating users, groups and organizational units, and for adding users to groups. To use the authentication infrastructure for ServerView Operations Manager Single Sign-On, use this sample file. |
This sample file assumes the following LDAP configuration.
Edit the file according to the LDAP environment being used. Also, be sure to change the password for the process control user and the password for the schedule startup user.
Public directory | dc=fujitsu,dc=com |
Organizational unit that contains users | ou=users |
Organizational unit that contains groups | ou=Group |
Process control user | swrbaadmin |
Process control user password | systemwalker#1 |
Schedule startup user | swrbasch |
Schedule startup user password | systemwalker#2 |
Refer to "How to Create and Register LDIF File" for details on the content of LDIF files.
Use the ldapmodify command to register the definition information contained in the LDIF file with the LDAP directory:
[Windows]
<OpenDJ/OpenDS installation directory>\bat\ldapmodify.bat -p <port number> -Z -D <administrator DN> -w <password for the administrator DN> -f <name of the edited LDIF file> |
[Linux]
<OpenDJ/OpenDS installation directory>/bin/ldapmodify -p <port number> -Z -D <administrator DN> -w <password for the administrator DN> -f <name of the edited LDIF file> |
Example
Port number: 1474
Administrator DN: cn=Directory Manager,cn=Root DNs,cn=config
Password for the administrator DN: admin
Name of the edited LDIF file: rbauser.ldif
[Windows]
ldapmodify.bat -p 1474 -Z -D "cn=Directory Manager,cn=Root DNs,cn=config" -w admin -f rbauser.ldif |
[Linux]
ldapmodify -p 1474 -Z -D "cn=Directory Manager,cn=Root DNs,cn=config" -w admin -f rbauser.ldif |
How to register user information by creating a new LDIF file
This section explains how to create the following LDIF files that register the user information with LDAP.
Here we will create three LDIF files, but it is also possible to register the same information with LDAP by grouping all of the information into a single LDIF file.
This section explains the definitions for registering the following organizational units (OUs) with LDAP.
Name of the organizational unit to be created | Whether an arbitrary name can be specified |
---|---|
Group | Yes |
User | Yes |
Point
Organizational units (OUs) can be layered.
Create LDIF files to register organizational units in accordance with the settings examples.
The "users" group is created automatically when the repository is created.
To use this "users" group as the group for managing users, prepare an LDIF file that registers only the "Group" organizational unit, as below:
dn: ou=Group,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: Group
To use a group with a name other than "users" as the group for managing users, prepare an LDIF file that registers two organizational units (one for managing groups and the other for managing users), as below:
dn: ou=Group,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: Group

dn: ou=<organizational unit name other than "users">,%DOMAIN%
changetype: add
objectClass: organizationalUnit
ou: <organizational unit name other than "users">
Note that the %...% parts of the file should be replaced with the elements in the list below:
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | Public directory Example: dc=fujitsu,dc=com Note: To execute the setup after creating an LDAP directory, this setting must be specified for the LDAP key name when the setup is executed. |
This section explains the definitions for registering the following users with LDAP:
User name | Password | Description |
---|---|---|
swrbaadmin | systemwalker#1 | The user that Systemwalker Runbook Automation requires in order to control processes. (Required) |
swrbasch (*1) | systemwalker#2 (*2) | The user that Systemwalker Runbook Automation requires in order to start Automated Operation Processes in accordance with the schedule. (Required) |
*1:
This is the recommended user name, but any name can be specified.
*2:
Systemwalker#1 and Systemwalker#2 are the default values. This can be changed to any password, except one containing $, \, ", and spaces.
Create an LDIF file to register users in accordance with the settings example.
Settings example
dn: cn=swrbaadmin,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: swrbaadmin
sn: swrbaadmin
givenName: swrbaadmin
userPassword: systemwalker#1
uid: swrbaadmin

dn: cn=swrbasch,ou=%USER%,%DOMAIN%
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: swrbasch
sn: swrbasch
givenName: swrbasch
userPassword: systemwalker#2
uid: swrbasch
Note that the %...% parts of the file should be replaced with the elements in the list below:
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | Public directory Example: dc=fujitsu,dc=com Note: To execute the setup after creating an LDAP directory, this setting must be specified for the LDAP key name when the setup is executed. |
%USER% | The "users" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) Example: users Note: To execute the setup after creating an LDAP server, ou=<%USER% setting> must be specified in the organization unit settings for storing LDAP user accounts when the setup is executed. |
This section explains the definitions for registering the following groups:
Group name | Members |
---|---|
AdminRole |
|
IflowUsers |
|
IflowGroups |
|
swrba_Exe |
|
Role |
|
Note
Do not assign any users other than the "swrbaadmin" user to the "swrba_Exe" group.
If users other than "swrbaadmin" are assigned to this group, problems may occur with the behavior of Automated Operation Processes.
Create an LDIF file for registering groups and adding users in accordance with the settings example.
Settings example
dn: cn=AdminRole,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: AdminRole
member: cn=swrbaadmin,ou=%USER%,%DOMAIN%
member: cn=swrbasch,ou=%USER%,%DOMAIN%

dn: cn=IflowUsers,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: IflowUsers
member: cn=swrbaadmin,ou=%USER%,%DOMAIN%
member: cn=swrbasch,ou=%USER%,%DOMAIN%

dn: cn=IflowGroups,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: IflowGroups
member: cn=AdminRole,ou=%GROUP%,%DOMAIN%
member: cn=swrba_Exe,ou=%GROUP%,%DOMAIN%
member: cn=Role,ou=%GROUP%,%DOMAIN%

dn: cn=swrba_Exe,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: swrba_Exe
member: cn=swrbaadmin,ou=%USER%,%DOMAIN%

dn: cn=Role,ou=%GROUP%,%DOMAIN%
changetype: add
objectClass: groupOfNames
objectClass: top
cn: Role
member: cn=swrbaadmin,ou=%USER%,%DOMAIN%
Note that the %...% parts of the file should be replaced with the elements in the list below:
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | Public directory Example: dc=fujitsu,dc=com Note: To execute the setup after creating an LDAP server, this setting must be specified for the LDAP key name when the setup is executed. |
%USER% | The "users" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) Example: users Note: To execute the setup after creating an LDAP directory, ou=<%USER% setting> must be specified in the organization unit settings for storing LDAP user accounts when the setup is executed. |
%GROUP% | The "Group" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) Example: Group Note: To execute the setup after creating an LDAP directory, ou=<%GROUP% setting> must be specified in the LDAP organizational unit settings when the setup is executed. |
Register the organizational units, groups and users with OpenDJ/OpenDS.
The following example shows how to register entry data using the ldapmodify command and an LDIF file:
[Windows]
<OpenDJ/OpenDS installation directory>\bat\ldapmodify.bat -p <port number> -Z -D <administrator DN> -w <password for the administrator DN> -f <name of the edited LDIF file> |
[Linux]
<OpenDJ/OpenDS installation directory>/bin/ldapmodify -p <port number> -Z -D <administrator DN> -w <password for the administrator DN> -f <name of the edited LDIF file> |
Example
Port number: 1474
Administrator DN: cn=Directory Manager,cn=Root DNs,cn=config
Password for the administrator DN: admin
Name of the edited LDIF file: rbauser.ldif
[Windows]
ldapmodify.bat -p 1474 -Z -D "cn=Directory Manager,cn=Root DNs,cn=config" -w admin -f rbauser.ldif |
[Linux]
ldapmodify -p 1474 -Z -D "cn=Directory Manager,cn=Root DNs,cn=config" -w admin -f rbauser.ldif |
This section describes how to register users with Active Directory.
To register users with Active Directory, follow the steps below:
Creating an organizational unit (OU)
Create the organizational units (OUs) shown in the following table on Active Directory.
Name of the organizational unit to be created | Whether an arbitrary name can be specified |
---|---|
Group | Yes |
User | Yes |
Point
Organizational units (OUs) can be layered.
Follow the steps below to register the organizational unit.
Select Control Panel, Administrative Tools, and then Active Directory Users and Computers from the Start menu.
Right-click the domain name managed by the Active Directory domain controller, and select New and then Organizational Unit.
In the New Object - Organizational Unit window, enter the name of the organizational unit (OU) shown in the table above, and then click the OK button.
Create all organizational units by repeating steps 2 and 3.
Creating users
Register the users shown in the following table on Active Directory.
Last name | First name | Initials | User logon name | Password | Whether to select check boxes in the password input window (*1) | Description |
---|---|---|---|---|---|---|
swrbaadmin | Blank | Blank | swrbaadmin | systemwalker#1 | D: User must change password at next logon | User for process control (required) |
swrbasch (*2) | Blank | Blank | swrbasch (*2) | systemwalker#2 (*3) | D: User must change password at next logon | User for schedule startup (mandatory) |
*1: Select this check box O: Selecting this check box is optional D: Clear this check box
*2: This is the recommended value, but any value can be specified
*3: Systemwalker#1 and Systemwalker#2 are the default values, but any value can be specified
Follow the steps below to register users:
Select Control Panel, Administrative Tools, and then Active Directory Users and Computers from the Start menu.
Right-click the "User" organizational unit (OU), and select New and then User. If the name of the OU created in "Creating an organizational unit (OU)" has been changed, then specify the new name.
In the New Object - User window, enter the "Last name", "First name", "Initials" and "User logon name" fields as shown in the table above, and then click the Next button.
In the password window, select the check boxes as shown in the table above, and then click the Next button.
In the confirmation window, click the OK button.
Creating groups and adding users
Register the groups shown in the following table on Active Directory, and add users to these groups.
Group name | Group scope | Group type | Members |
---|---|---|---|
AdminRole | Global | Security |
|
IflowUsers | Global | Distribution |
|
IflowGroups | Global | Distribution |
|
swrba_Exe | Global | Security | swrbaadmin |
Role | Global | Security | swrbaadmin |
Note
Do not assign any users other than swrbaadmin to the swrba_Exe group.
If users other than swrbaadmin are assigned to this group, errors may occur in Automated Operation Processes.
Make the swrbaadmin user a member of the Administrators group.
Follow the steps below to register groups and add users:
Select Control Panel, Administrative Tools, and then Active Directory Users and Computers from the Start menu.
Right-click the "Group" organizational unit (OU), and select New and then Group. If the name of the OU created in "Creating an organizational unit (OU)" has been changed, then specify the new name.
In the New Object - Group window, enter the Group name, Group scope, and Group type items as shown in the table above, and then click the OK button.
Right-click one of the groups that have been created and then select Properties.
Select the Member Of tab and click the Add button.
In the Select Users, Contacts, Computers or Groups window, set the Enter the object names to select field to the users in the "Members" column of the table above, and then click the OK button.
Separate users with semicolons (;).
In the group properties window, ensure that the group members have been added correctly, and then click the OK button.
Register all groups by repeating steps 2 to 7.
Note
It may take up to 90 minutes for the registration results to be reflected in the repository. To reflect the registration results immediately, restart Systemwalker Runbook Automation.
To use authentication via LDAP, register user information in accordance with the directory service being used.
Refer to "3.1.6.1.1 Registering User information with the Interstage Directory Service" for information on registering information with the Interstage Directory Service.
This section describes how to register users with OpenLDAP.
To register users with OpenLDAP, follow the steps below:
Building a public directory and creating a manager DN
Follow the steps below to create a public directory of OpenLDAP and register an administrator DN.
Note
This procedure is not required if a public directory has already been created and an administrator has been registered.
Create an LDIF file.
If the public directory contains an organizational unit (OU), that organizational unit (OU) must be created.
After that, create the LDAP administrator.
The file has the syntax below:
dn: <public directory>
objectClass: organizationalUnit
ou: <Organization name>

dn: cn=<LDAP administrator name>,<public directory name>
objectClass: organizationalRole
cn: <LDAP administrator name>
An example is displayed below:
dn: ou=interstage,o=fujitsu,dc=com |
Register the domain and administrator with OpenLDAP:
Execute the following command to register the domain and administrator with OpenLDAP.
ldapadd -x -W -D "cn=<LDAP administrator>,<Public directory>" -f <LDIF file created> |
Note: The user will be prompted for the LDAP administrator password.
Creating an organizational unit (OU)
Create the organizational units (OUs) shown in the following table on OpenLDAP.
Name of the organizational unit to be created | Whether an arbitrary name can be specified |
---|---|
Group | Yes |
User | Yes |
Point
Organizational units (OUs) can be layered.
Follow the steps below to register an organizational unit:
Create an LDIF file.
The file has the syntax below:
dn: ou=Group,%DOMAIN% |
Note that the %...% parts of the file should be replaced with the elements in the list below.
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | <Public directory> (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating an LDAP directory, this setting must be specified for the LDAP key name when the setup is executed. |
Register the organizational unit (OU) on OpenLDAP:
Execute the following command to register the organizational unit (OU) on OpenLDAP:
ldapadd -x -W -D "cn=<Name of the LDAP administrator>,<Public directory>" -f <Name of the LDIF file created> |
Note: The user will be prompted for the LDAP administrator password.
Creating users
Register the users shown in the following table on OpenLDAP.
User name | Password | Description |
---|---|---|
swrbaadmin | systemwalker#1 | The user required for Systemwalker Runbook Automation to control processes (Required) |
swrbasch (*1) | systemwalker#2 (*2) | User required by Systemwalker Runbook Automation to start automated operation process according to a schedule (mandatory) |
*1: This is the recommended value, but any value can be specified
*2: Systemwalker#1 and Systemwalker#2 are the default values, but this can be changed to any password, except one containing $, \, ", and spaces
Follow the steps below to register users.
Create an LDIF file.
In the following specification example, the default user IDs and passwords listed in the table above are specified as the user IDs and passwords.
dn: uid=swrbaadmin,ou=%USER%,%DOMAIN% |
Note that the %...% parts of the file should be replaced with the elements in the list below.
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | <Public directory> (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating an LDAP directory, this setting must be specified for the LDAP key name when the setup is executed. |
%USER% | The "User" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) User Note: To execute the setup after creating an LDAP directory, ou=<%USER% setting> must be specified in the organizational unit settings for storing LDAP user accounts when the setup is executed. |
Register the users on OpenLDAP:
Execute the following command to register the user on OpenLDAP.
ldapadd -x -W -D "cn=<LDAP administrator>,<Public directory>" -f <LDIF file created> |
Note: The user will be prompted for the LDAP administrator password.
Creating groups and adding users
Register the groups shown in the following table on OpenLDAP, and add users to these groups.
Group name | Members |
---|---|
AdminRole |
|
IflowUsers |
|
IflowGroups |
|
swrba_Exe |
|
Role |
|
IFlowPublishers |
|
Note
Do not assign any users other than swrbaadmin to the swrba_Exe group.
If users other than swrbaadmin are assigned to this group, errors may occur in Automated Operation Processes.
Follow the steps below to register groups and add users.
Create an LDIF file.
In the following specification example, the default user IDs and passwords listed in the table above are specified as the user IDs and passwords.
Specification example
dn: cn=AdminRole,ou=%GROUP%,%DOMAIN% |
Note that the %...% parts of the file should be replaced with the elements in the list below.
List of replacement elements
Replacement symbol | Setting after replacement |
---|---|
%DOMAIN% | <Public directory> (Example) ou=interstage,o=fujitsu,dc=com Note: To execute the setup after creating an LDAP directory, this setting must be specified for the LDAP key name when the setup is executed. |
%USER% | The "User" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) User Note: To execute the setup after creating an LDAP directory, ou=<%USER% setting> must be specified in the organizational unit settings for storing LDAP user accounts when the setup is executed. |
%GROUP% | The "Group" organizational unit (OU) (If the name of the OU created in "Creating an organizational unit (OU)" has been changed, specify the new name.) (Example) Group Note: To execute the setup after creating an LDAP directory, ou=<%GROUP% setting> must be specified in the LDAP organization unit settings when the setup is executed. |
Register the groups and users on OpenLDAP:
Execute the following command to register the organizational unit (OU), groups and users on OpenLDAP.
ldapadd -x -W -D "cn=<LDAP administrator>,<Public directory>" -f <LDIF file created> |
Note: The user will be prompted for the LDAP administrator password.