You can configure the vRealize Hyperic server to use LDAP authentication for new users, and to assign user roles based on LDAP group membership.

Procedure

  1. On the Admin tab, click HQ Server Settings.
  2. In the LDAP Configuration Properties section, enter appropriate values for the following properties.

    Property

    Description

    Use LDAP Authentication

    Select the checkbox to enable LDAP authentication.

    URL

    Enter the location of your LDAP or Active Directory server. If other than the standard LDAP port is used, specify it the URL. Add the port to the end of the URL, after a colon (:) character. For example, ldap://YourLDAPHost:44389.

    If your LDAP directory requires SSL, specify the SSL port in the URL.

    SSL

    Select the checkbox if your LDAP directory requires SSL connections.

    Username

    Supply an LDAP username with sufficient privileges to view the sections of the directory that contain the information for LDAP users who will access vRealize Hyperic. (This property is not necessary if the LDAP directory allows anonymous searching. This is not something that is common in secure environments.)

    Password

    Supply the password for the LDAP user specified in Username.

    Search Base

    (Mandatory) The Search Base property, sometimes referred to as the suffix, defines the location in the LDAP directory from which the LDAP user search begins. Supply the full path to the branch for example, ou=people,dc=example,dc=com

    Consult your LDAP administrator if necessary.

    Search Filter

    Optionally, enter a filter to limit the LDAP user search to a subset of the object identified by the Search Base property. For example, (!(location=SFO*)).

    Login Property

    (Mandatory) Specify the LDAP property (for an LDAP user) that vRealize Hyperic will use as the username for the user's vRealize Hyperic account. The default value is cn. Depending on your LDAP environment, a different property, for example, uid, might be appropriate.

    Group Search Base

    For vRealize Hyperic to automatically assign vRealize Hyperic roles to new users, supply a value for this property. The property defines the location in the LDAP directory from which the LDAP group search begins.

    Search Subtree

    If you have configured the Group Search Base property, select the checkbox to enable search of the entire subtree of the object identified by Group Search Base.

    Group Search Filter

    If you have configured the Group Search Base property, enter a filter to limit the LDAP group search to a subset of the objects found in the group search.

    The default value Member={0}, results in filtering by the full distinguished name of a user.

    To filter by user login name, setMember={1}.

  3. Click OK.