By default, when Resource Orchestrator users perform operations, updated information is also reflected on the directory service.
User information of Resource Orchestrator is created in the following location.
When using the directory services provided with ServerView Operations Manager
ou=users,Base_DN
When using Active Directory
cn=Users,Base_DN
The reflected information is as follows:
User Registration Information for Resource Orchestrator | User Entry Class and Attribute of Directory Service | |
|---|---|---|
Directory Services Provided with ServerView Operations Manager | Active Directory | |
(User entry class) | inetOrgPerson | user |
User ID | cn | cn |
Password | userPassword | unicodePwd |
Email address | Not reflected | Not reflected |
Company name or organization name | Not reflected | Not reflected |
Email address (for emergencies) | Not reflected | Not reflected |
Telephone number | Not reflected | Not reflected |
Description | Not reflected | Not reflected |
First name | Not reflected | Not reflected |
Family name | Not reflected | Not reflected |
(Active Directory user account properties) | None | NORMAL_ACCOUNT for userAccountControl (General users) |
User Groups | Not reflected | Not reflected |
Role Names | Not reflected | Not reflected |
Access Scope | Not reflected | Not reflected |
The administrator user (privileged user) specified when installing Resource Orchestrator is not reflected on the directory service.
Register administrator users in the directory service, referring to "12.3 Registering Administrators".
When using the user account information of the existing directory service for user authentication in Resource Orchestrator, if reflection of user operation details on the directory service is not necessary, the settings can be changed.
Use the following procedure to edit the directory service operation definition file (ldap_attr.rcxprop).
Stop the manager.
Edit the directory service operation definition file (ldap_attr.rcxprop)).
directory_service=false |
Start the manager.
For details, refer to "8.6.1 Settings for Tenant Management and Account Management" in the "Operation Guide CE".
Note
If the directory service operation definition file includes the setting which reflects the content of operations, when a user is deleted from Resource Orchestrator, the corresponding user account will be deleted from the directory service as well. Exercise caution when using an existing directory service for user management on another system.
User operations on the directory server affect user management in Resource Orchestrator, regardless of the directory service operation definition file configuration.
User operations on the directory server means user account operations on Active Directory or user operations using the user management wizard of ServerView Operations Manager.
When Users are Deleted
Login to the manager is not possible.
When Passwords are Modified
Specify the new password when logging into the manager.
