IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Enable user authentication > LDAP user authentication using Microsoft Active Directory > User scenarios > Authenticate monitoring server userids with Microsoft Active Directory
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Putting the pieces together
Figure 1 shows the monitoring server's LDAP settings that allow you to log in as either sysadmin or bjoern (only these users are defined to the monitoring server).If you need to activate Secure Sockets Layer, SSL, security for the Tivoli Monitoring-to-Active Directory communications, see Securing communications. Also ensure you have at hand the parameter values listed in Table 3.
Figure 1. Monitoring server's LDAP parameters
The following are some of the more important parameters shown in Figure 1:
Once you have gotten your parameters defined right, use the grep command to search for the string LDAP in the monitoring server's log file to verify that there are no error messages. Optionally, you can use the ldapsearch utility to test your parameters without starting the monitoring server: if ldapsearch does not return output similar to that shown in Figure 2, your input is incorrect. You should verify your site's LDAP parameters before restarting the monitoring server, as an incorrect LDAP configuration will prevent users from logging in.
- Enter required LDAP user filter
- This parameter says to search for the mail parameter within the User object.
This is why you included the email address in the user's Active Directory entry.
- %v
- Is a variable that Tivoli Monitoring replaces with the userid entered on the login screen.
- LDAP base
- Is the complete Base DN listed in Browsing Active Directory.
If IBM Tivoli Monitoring complains that the user entered the wrong password, this is a sign that the wrong LDAP Base DN was specified here, in which case Tivoli Monitoring starts its search at the wrong LDAP location.
- LDAP bind ID
- Enter the Distinguished Name for a user that has read permission to the entire Base DN where Tivoli Monitoring will begin searching for its users.
It is not enough to enter only the user name, for example, sysadmin.
Figure 2. ldapsearch results for monitoring server userids
Parent topic:
Authenticate monitoring server userids with Microsoft Active DirectoryPrevious topic: Browsing Active Directory