LDAP

You can integrate LDAP with your Open Manage Network Manager installation in the Portal Settings > LDAP tabs. See LDAP Portal Settings for more about LDAP integration in addition to what follows. 1

Before enabling the LDAP server in the Portal, you must create and assign one user from the LDAP server as Portal administrator. You will not be able to access the Control Panel without the administrator role. See How to: Make an LDAP Admin User below for details.

Make sure Import at Startup is turned off. In Password Policies, edit the default password policy and make sure that Change Required is off.

Notice that several test buttons appear in the LDAP screens, for example, Test LDAP Connection. Use these to validate your entries as you make them.

Click Add under LDAP Servers to add the specifications of your LDAP server. After configuring your LDAP server, restart the Open Manage Network Manager server, and attempt to log in as an LDAP user.

LDAP Server Settings

The following settings are required (the values below are examples only):

Connection

Base Provider URL: ldap://192.168.50.25:389

Base DN: dc=dorado-exchange,dc=oware,dc=net

Principal: dorado@dorado-exchange.oware.net

The Principal user must have the necessary administrator rights in Active Directory Server or any other LDAP server.

Credentials: ********

Users

Authentication Search Filter: (sAMAccountName=@screen_name@)

Import Search Filter: (objectClass=person)

User Mapping

Screen Name: sAMAccountName

In the Portal Settings > Authentication > LDAP tab:

Authentication

Enabled

Import / Export

Import Enabled

Import on Startup Disabled
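
The Authentication Search Filter above is a template in which @screen_name@ is replaced with the screen name of the user logging in. The following Python is an added example, not Open Manage Network Manager or Liferay code: it expands that template with RFC 4515 escaping and evaluates the result against constructed entries, showing why a screen name must be escaped when you reproduce this filter in your own test tooling. The function names, the matcher and every entry except ITAdmin are assumptions made for illustration.

```python
import re

# Filter template from the settings above; @screen_name@ is replaced at login.
AUTH_FILTER = "(sAMAccountName=@screen_name@)"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory entries (only ITAdmin appears on this page).
ENTRIES = [
    {"sAMAccountName": "ITAdmin", "objectClass": "person"},
    {"sAMAccountName": "jdoe", "objectClass": "person"},
    {"sAMAccountName": "svc-backup", "objectClass": "person"},
]


def escape_filter_value(value):
    """Escape a screen name so the directory compares it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, screen_name, escape=True):
    """Substitute the @screen_name@ token, escaping the value by default."""
    value = escape_filter_value(screen_name) if escape else screen_name
    return template.replace("@screen_name@", value)


def match_simple(filter_text, entries):
    """Evaluate one (attr=value) filter: equality, '*' wildcard, \\XX escapes."""
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", filter_text)
    if m is None:
        raise ValueError("not a single simple filter: %r" % filter_text)
    attr, value = m.groups()
    # Unescaped '*' is a wildcard; \XX pairs decode to literal characters.
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), p)
             for p in value.split("*")]
    pattern = ".*".join(re.escape(p) for p in parts)
    # sAMAccountName is compared case-insensitively in Active Directory.
    return [e[attr] for e in entries
            if attr in e and re.fullmatch(pattern, e[attr], re.IGNORECASE | re.DOTALL)]


if __name__ == "__main__":
    for name in ("ITAdmin", "*"):
        for escape in (True, False):
            f = expand_filter(AUTH_FILTER, name, escape)
            print("%-8r escape=%-5s %-24s -> %s" % (name, escape, f, match_simple(f, ENTRIES)))
```

With escaping, each expanded filter matches at most the one account whose name was typed; without it, a name made of filter metacharacters stops being a literal comparison.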

Make an LDAP Admin User

All users imported from an LDAP server default to the Poweruser role. The default Open Manage Network Manager user (login/password: admin/admin) cannot log in to Open Manage Network Manager once you enable authentication through LDAP. Therefore you must manually assign one user from the LDAP server as Portal administrator. Here is an example of an LDAP database user with Administrator privileges:

Screen name: ITAdmin

User password: ITPassword

First Name: Scott

Last Name: Smith

Email: scott@dellhardware.com

You cannot import users without these five attributes into Open Manage Network Manager from an LDAP source.

Creating user ITAdmin with Administrator role:

1. As an Admin user, select Go to > Control Panel.

2. Under the Portal category, click Users, then click the Add button.

3. Fill out the User form with name and email address and so on. Remember: screen name, first name, and email address are required. Open Manage Network Manager LDAP import will not overwrite existing users.

4. When you are finished, click Save.

5. A message appears saying that the save was successful.

6. Select Password, enter the password ITPassword, then click Save.

7. Click the Roles link. A screen appears showing the roles to which your ID is currently assigned. By default, all users are assigned the Power User role.

8. Remove the default PowerUser role (optional), and add the administrator role for the user, then click Save.

Now you can enter LDAP server information. Please be patient; your changes may take a while to take effect.

Stopping LDAP Authentication

1. To stop authenticating through LDAP, log in as the admin user with ITAdmin/ITPassword.

2. In the Control Panel, go to Portal > Portal Settings > Authentication > LDAP, uncheck Enabled, then click Save.

3. After your changes have taken effect, users can log in only with credentials that exist in the Open Manage Network Manager database.




  1. For more information about LDAP capabilities generally, consult Liferay’s LDAP documents.