You can configure the protocol to use when connecting to Active Directory. By default, when vRealize Log Insight connects to Active Directory, it first tries SSL LDAP, and then non-SSL LDAP if necessary.
About this task
If you want to limit the Active Directory communication to one particular protocol, or want to change the order of protocols that are tried, you must apply additional configurations in the vRealize Log Insight virtual appliance.
Verify that you have the root user credentials to log in to the vRealize Log Insight virtual appliance. See Configure the Root SSH Password for the vRealize Log Insight Virtual Appliance
To enable SSH connections, verify that TCP port 22 is open.
- Establish an SSH connection to the vRealize Log Insight virtual appliance and log in as the root user.
- Navigate to the following location: /storage/var/loginsight/config
- Locate the latest configuration file where [number] is the largest: /storage/core/loginsight/config/loginsight-config.xml#[number]
- Copy the latest configuration file: /storage/core/loginsight/config/loginsight-config.xml#[number]
- Increase the [number] and save to the following location: /storage/core/loginsight/config/loginsight-config.xml#[number + 1]
- Open the file for editing.
- In the
Authenticationsection, add the line that corresponds to the configuration that you want to apply:
<ad-protocols value="LDAP" />
For specifically using LDAP without SSL
<ad-protocols value="LDAPS" />
For specifically using LDAP with SSL only
<ad-protocols value="LDAP,LDAPS" />
For specifically using LDAP first and then using LDAP with SSL.
<ad-protocols value="LDAPS,LDAP" />
For specifically using LDAPS first and then using LDAP without SSL
When you do not select a protocol, vRealize Log Insight attempts to use LDAP first, and then uses LDAP with SSL.
- Save and close the file.
- Run the service loginsight restart command.