You can configure the protocol to use when connecting to Active Directory. By default, when vRealize Log Insight connects to Active Directory, it first tries SSL LDAP, and then non-SSL LDAP if necessary.

About this task

If you want to limit the Active Directory communication to one particular protocol, or want to change the order of protocols that are tried, you must apply additional configurations in the vRealize Log Insight virtual appliance.

Prerequisites

Procedure

  1. Establish an SSH connection to the vRealize Log Insight virtual appliance and log in as the root user.
  2. Navigate to the following location: /storage/var/loginsight/config
  3. Locate the latest configuration file where [number] is the largest: /storage/core/loginsight/config/loginsight-config.xml#[number]
  4. Copy the latest configuration file: /storage/core/loginsight/config/loginsight-config.xml#[number]
  5. Increase the [number] and save to the following location: /storage/core/loginsight/config/loginsight-config.xml#[number + 1]
  6. Open the file for editing.
  7. In the Authentication section, add the line that corresponds to the configuration that you want to apply:

    Option

    Description

    <ad-protocols value="LDAP" />

    For specifically using LDAP without SSL

    <ad-protocols value="LDAPS" />

    For specifically using LDAP with SSL only

    <ad-protocols value="LDAP,LDAPS" />

    For specifically using LDAP first and then using LDAP with SSL.

    <ad-protocols value="LDAPS,LDAP" />

    For specifically using LDAPS first and then using LDAP without SSL

    When you do not select a protocol, vRealize Log Insight attempts to use LDAP first, and then uses LDAP with SSL.

  8. Save and close the file.
  9. Run the service loginsight restart command.