Set up ServerView Operations Manager and the Directory Service Environment.
The following settings can be made for coordination of Resource Orchestrator and a directory service.
Whether user operations performed from Resource Orchestrator are reflected on the directory service or not is determined by the settings in the directory service operation definition file (ldap_attr.rcxprop).
For details, refer to "6.6.1 Settings for Tenant Management and Account Management" in the "Operation Guide CE". By default, the operation content is reflected on the directory service.
User information of Resource Orchestrator is created in the following location.
When Using Active Directory
cn=Users,Base_DN
When Using OpenDS
cn=Users,Base_DN
When using a user account of the existing directory service as the user of Resource Orchestrator, edit the directory service operation definition file so that the operation content will not be reflected.
Note
If the directory service operation definition file is set to reflect the operation content, deleting a user from Resource Orchestrator also deletes the corresponding user account from the directory service. Be careful when the existing directory service is also used for user management by another system.
When installing ServerView Operations Manager, specify the following items related to the directory service.
Select Directory Server
Select "Other directory server".
Directory Service Settings
Host
The fully-qualified name of the server on which Active Directory is running.
Port
The port number used for access to Active Directory. Specify the port number for SSL communication.
SSL
Select "Yes".
SVS Base DN
Set the highest level of the Active Directory tree.
Example
DC=fujitsu,DC=com
User Search Base
The starting point for the user search in Active Directory.
Example
CN=Users,DC=fujitsu,DC=com
User Search Filter
The filter for user searches.
Specify the sAMAccountName attribute or cn attribute. The User ID of every Resource Orchestrator user must be the same as the value of the attribute specified for the User Search Filter.
When using the application process, set the sAMAccountName attribute.
sAMAccountName=%u
User
Specify a user account with write privileges for Active Directory.
Example
CN=Administrator,CN=Users,DC=fujitsu,DC=com
Password / Confirm password
Specify the password of the user specified for "User".
For more details, refer to the following manual.
"Menu-Driven Installation of the Operations Manager Software" in the "ServerView Suite ServerView Operations Manager Installation Guide"
For details on how to change the directory service of ServerView Operations Manager, refer to the following manual.
"Configuring directory service access" in "ServerView Suite User Management in ServerView"
Communication between the manager and the directory service uses LDAP (Lightweight Directory Access Protocol) over TCP/IP, protected by SSL, so this communication must be established before setting up Resource Orchestrator. Use tools or commands to check communications.
For details, refer to the Microsoft web site below.
How to enable LDAP over SSL with a third-party certification authority
URL: http://support.microsoft.com/kb/321051/en/
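One way to check the SSL-protected LDAP communication described above is sketched below as an added example; it is not taken from the Resource Orchestrator or ServerView manuals. The function name check_ldaps, the host name ad.example.com and port 636 are assumptions, so substitute the Host and Port values entered in the Directory Service Settings and, for a private certification authority, pass its PEM certificate as cafile.

```python
import socket
import ssl


def check_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Attempt a TLS handshake with the directory server and validate its certificate.

    Returns (ok, detail). cafile is the PEM certificate of the CA that issued
    the directory server's certificate; None uses the system trust store.
    """
    # The default context verifies the certificate chain and the host name,
    # so use the same fully-qualified name that is configured as "Host".
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, "%s, certificate valid until %s" % (
                    tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or host name mismatch.
        return False, "certificate rejected: %s" % exc.verify_message
    except ssl.SSLError as exc:
        # Typical when the port is the non-SSL LDAP port.
        return False, "TLS handshake failed (is this the SSL port?): %s" % exc
    except OSError as exc:
        # Refused, unreachable, name resolution failure, or timeout.
        return False, "connection failed: %s" % exc


if __name__ == "__main__":
    # Constructed sample values (assumptions, not from the manual).
    ok, detail = check_ldaps("ad.example.com", 636)
    print("OK" if ok else "FAILED", detail)
```

A "certificate rejected" result means the port speaks SSL but the manager would not trust the certificate until the issuing CA is imported or the host name matches.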
In the "Resource" tab of the ROR console, you can open the screen of ServerView Operations Manager using the function to open the server management screen. This section explains how to set up Single Sign-on. You can use it to access the server management screen of ServerView Operations Manager without being prompted to log in.
Assign roles to users on ServerView Operations Manager.
Assign roles to users using the following procedure.
ServerView Operations Manager V5.5 or later
Execute the rcxadm user command and register a user.
The user is registered in the directory service.
Start the "User Management Wizard" of ServerView Operations Manager.
The user registered in 2. is displayed in the list. Assign a suitable role to the user.
For details on the "User Management Wizard", refer to the following manual.
"ServerView user management with OpenDS" in "ServerView Suite User Management in ServerView"
Versions Earlier Than ServerView Operations Manager V5.5
Execute the rcxadm user command and register a user.
The user is registered in the directory service.
Create an ldif file.
An example of how to assign the Administrator role to the "rormanager" user account is indicated below.
dn: cn=Administrator,OU=AuthorizationRoles,OU=CMS,OU=Departments,OU=SVS,dc=fujitsu,dc=com
Execute the OpenDS ldapmodify command to register the ldif file created in 3. with the directory service.
Set the Java SE 6 path for the environment variable JAVA_HOME, before executing the ldapmodify command of OpenDS. Example:
[Windows]
>"C:\Program Files\Fujitsu\ServerView Suite\opends\bat\ldapmodify.bat" -p 1473 -f user.ldif -D "cn=Directory Manager" -w admin -c <RETURN>
[Linux]
# /opt/fujitsu/ServerViewSuite/opends/bin/ldapmodify -p 1473 -f user.ldif -D "cn=Directory Manager" -w admin -c <RETURN>
The meanings of the options of the ldapmodify command are as follows.
-p: the port number when not using SSL communications in OpenDS (the default value is 1473).
-f: the ldif file
-D: the OpenDS administrator user DN ("cn=Directory Manager")
-w: the password of the OpenDS administrator user DN.
Refer to the following manual.
"Integrating ServerView user management into Microsoft Active Directory" of the "ServerView Suite User Management in ServerView"
When using the OpenDS bundled with ServerView Operations Manager, if it becomes necessary to install ServerView Operations Manager again, back up the user information before uninstalling ServerView Operations Manager.
Restore the user information in OpenDS, after installing ServerView Operations Manager again.
For details on the backup and restore of OpenDS, refer to the ServerView Operations Manager manual.