You can enable users to log in to Sentinel Log Manager by using their Novell eDirectory™ username or Microsoft Active Directory sAMAccountName and password. You do this by configuring a Sentinel Log Manager server for LDAP authentication.
NOTE: LDAP authentication is currently supported only on Linux systems that have Sentinel Log Manager 1.0.0.4 or later installed.
To configure a Sentinel Log Manager server for LDAP authentication:
Log in to the Sentinel Log Manager server as the novell user:
su - novell
Change to the following directory:
Install_Directory/bin
Run the ldap_auth_config.sh script:
./ldap_auth_config.sh
Specify the following information:
Press Enter to accept the default value suggested in the brackets [ ] or enter a new value to override the default value.
| Parameter | Description |
|---|---|
| Sentinel Log Manager install location | The default location of Sentinel Log Manager server installation directory is /opt/novell/Sentinel_log_mgr_1.0_x86-64 |
| LDAP directory | The value is 1 for Novell eDirectory or 2 for Active Directory. The default value is 1. |
| LDAP server hostname or IP address | The hostname or the IP address of the machine where the LDAP server is installed. The default value is localhost. |
| Use SSL/TLS (secured or non-secured LDAP connection port) | Enter one of the following: |
| LDAP server port | The default port number for a secured LDAP connection is 636. The default port number for a non-secured LDAP connection is 389. |
| LDAP subtree to search for users | The subtree in the directory that has the user objects. The following are examples for specifying subtree in eDirectory and Active Directory: |
| Filename of the LDAP server certificate. This parameter is displayed only if you have specified ‘y’ for Use SSL/TLS. | The filename of the eDirectory/Active Directory CA certificate that you have copied in Step 4. |
Enter one of the following:
y to accept the values.
n to enter new values.
q to quit the configuration.
Enter y to restart the Sentinel Log Manager server.
Log in to Sentinel Log Manager as admin. Create a Directory user and select the directory authentication type to authenticate with an existing user’s LDAP credentials.
For more information about creating a user, see Adding a User.
You have successfully configured Sentinel Log Manager server for LDAP authentication, and users can log in to Sentinel Log Manager by using an eDirectory username or Active Directory sAMAccountName and password.
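
A pre-flight check for the answers given to ldap_auth_config.sh, added here as an example and not part of the Novell documentation or product: it flags a non-secured connection, confirms that the CA certificate file parses and has not expired, and verifies that the LDAP server's TLS chain validates against that file. The function names are hypothetical, and it assumes the openssl command-line tool is installed on the host.

```shell
# Added example, not Novell code; function names and sample values are constructed.

# check_transport USE_TLS PORT
# Returns 0 for a secured setup, 1 for non-secured LDAP, 2 for TLS on port 389.
check_transport() {
    case "$1" in
        y|Y)
            if [ "$2" = 389 ]; then
                echo "TLS selected, but 389 is the default non-secured port" >&2
                return 2
            fi
            return 0 ;;
        *)
            echo "non-secured LDAP: a simple bind sends the password unencrypted" >&2
            return 1 ;;
    esac
}

# ca_to_pem FILE: prints the CA certificate as PEM (input may be PEM or DER).
# Returns 1 if the file is unreadable, not an X.509 certificate, or expired.
ca_to_pem() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    for form in PEM DER; do
        if openssl x509 -inform "$form" -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
            openssl x509 -inform "$form" -in "$1" -outform PEM
            return
        fi
    done
    echo "$1 is not a valid, unexpired X.509 certificate" >&2
    return 1
}

# check_server HOST PORT CAFILE: returns 0 only if the server's TLS chain
# verifies against CAFILE (chain check only; the hostname is not compared).
check_server() {
    pem=$(mktemp) || return 1
    ca_to_pem "$3" >"$pem" &&
        openssl s_client -connect "$1:$2" -CAfile "$pem" -verify_return_error \
            </dev/null >/dev/null 2>&1
    rc=$?
    rm -f "$pem"
    [ "$rc" -eq 0 ] || echo "TLS verification against $3 failed for $1:$2" >&2
    return "$rc"
}

# Direct use: sh ldap_preflight.sh USE_TLS HOST PORT CAFILE
if [ "$#" -eq 4 ]; then
    check_transport "$1" "$3" && check_server "$2" "$3" "$4" && echo "LDAPS pre-flight passed"
fi
```
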
To modify an existing LDAP authentication configuration for a Sentinel Log Manager server:
Log in to a Sentinel Log Manager server as the novell user:
su - novell
Change to the Install_Directory/config directory:
cd Install_Directory/config
Modify the LdapLogin entry in the auth.login file of the Install_Directory/config directory.
Modify the .activemqkeystore.jks file in the Install_Directory/config directory.
Perform Step 1 through Step 7 in Section 8.4, Configuring Sentinel Log Manager Server for LDAP Authentication.
IMPORTANT: Modifying the auth.login or .activemqkeystore.jks incorrectly causes LDAP authentication to fail. The user can also modify the .activemqkeystore.jks file with the Java keytool utility available in the Install_Directory/jre/bin directory.