You can configure the protocol to use when connecting to Active Directory. By default, when VMware Aria Operations for Logs connects to Active Directory, it first tries SSL LDAP, and then non-SSL LDAP if necessary.
If you want to limit the Active Directory communication to one particular protocol, or want to change the order of protocols that are tried, you must apply additional configurations in the VMware Aria Operations for Logs virtual appliance.
Prerequisites
- Verify that you have the root user credentials to log in to the VMware Aria Operations for Logs virtual appliance.
- To enable SSH connections, verify that TCP port 22 is open.
Procedure
- Establish an SSH connection to the VMware Aria Operations for Logs virtual appliance and log in as the root user.
- Navigate to the following location: /storage/core/loginsight/config
- Locate the latest configuration file where [number] is the largest: /storage/core/loginsight/config/loginsight-config.xml#[number]
- Copy the latest configuration file: /storage/core/loginsight/config/loginsight-config.xml#[number]
- Increase the [number] and save to the following location: /storage/core/loginsight/config/loginsight-config.xml#[number + 1]
- Open the file for editing.
- In the Authentication section, add the line that corresponds to the configuration that you want to apply:
  | Option | Description |
  | --- | --- |
  | <ad-protocols value="LDAP" /> | For specifically using LDAP without SSL |
  | <ad-protocols value="LDAPS" /> | For specifically using LDAP with SSL only |
  | <ad-protocols value="LDAP,LDAPS" /> | For specifically using LDAP first and then using LDAP with SSL. |
  | <ad-protocols value="LDAPS,LDAP" /> | For specifically using LDAPS first and then using LDAP without SSL |
  When you do not select a protocol, VMware Aria Operations for Logs attempts to use LDAP first, and then uses LDAP with SSL.
- Save and close the file.
- Run the service loginsight restart command.
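
The copy steps of this procedure and a check of the resulting setting, as an added shell example (not VMware code; the function names are hypothetical). It picks the highest [number] numerically, so that #10 is not mistaken for older than #9, and reports whether a configuration file limits Active Directory traffic to LDAP with SSL.

```shell
#!/usr/bin/env bash
# Added example, not VMware code; function names are hypothetical.
# File naming and the <ad-protocols value="..." /> line come from the procedure above.

# Print the largest [number] among loginsight-config.xml#[number] files in directory $1.
# The comparison is numeric, so #10 ranks above #9 (a lexical sort gets this wrong).
latest_config_number() {
    local dir=$1 f n max=-1
    for f in "$dir"/loginsight-config.xml#*; do
        n=${f##*'#'}
        case $n in ''|*[!0-9]*) continue ;; esac   # skip e.g. #10.bak or no match
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    [ "$max" -ge 0 ] || return 1
    echo "$max"
}

# Copy the latest file to #[number + 1] and print the path of the new copy.
stage_next_config() {
    local dir=$1 latest next
    latest=$(latest_config_number "$dir") || { echo "no config in $dir" >&2; return 1; }
    next="$dir/loginsight-config.xml#$((latest + 1))"
    cp -p "$dir/loginsight-config.xml#$latest" "$next" || return 1
    echo "$next"
}

# Print the ad-protocols value in file $1, or "unset" when the line is absent.
ad_protocols_value() {
    local v
    v=$(sed -n 's/.*<ad-protocols value="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    echo "${v:-unset}"
}

# Succeed only when file $1 limits Active Directory traffic to LDAP with SSL.
is_ldaps_only() {
    [ "$(ad_protocols_value "$1")" = "LDAPS" ]
}

# Usage: script.sh /storage/core/loginsight/config
if [ $# -eq 1 ]; then
    new=$(stage_next_config "$1") || exit 1
    echo "Edit $new (ad-protocols currently: $(ad_protocols_value "$new"))"
fi
```

Run `is_ldaps_only` against the new file after editing and before restarting the service to confirm that no non-SSL fallback remains in the protocol list.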