Parameters for directory service

ServerView Operations Manager makes use of a directory service, which stores information for authorization.

By default, Operations Manager installs its own directory service, OpenDJ.

Alternatively you may use your own directory service. Alternatively the use of Microsoft Active Directory Service is supported.

During installation of Operations Manager you can specify further parameters for

Installation via the install.sh script

Two options are available: Either invoke a dialog or specify all parameters in command line.

Invoking a dialog

The dialog is not displayed by default. It is invoked by specifying an option in the command line.

install.sh -d|--ds-dialog

This starts the dialog for you to enter parameters for the directory service. The dialog will be as follows:

Specify parameters for directory service:

Currently only Active Directory is supported).

Host?:

Port?:

Use a LDAP backup server (yes|no)?:

If you answer with yes, the following parameter is displayed:

LDAP backup server?:

SSL (yes|no; recommended: yes)?:

Base DN?:

User Search Base (e.g. CN=Users)?:

User Search Filter (e.g. sAMAccountName=%u)?:

User?:

Password?:

Do you want to configure a warning for the case of a user's password expiry? (yes|no):

Answering with "yes" invokes the following dialog which allows you to enter the parameters for the LDAP Password Policy Enforcement (LPPE):

3.8 Installing the Operations Manager software

3 Installing ServerView Operations Manager

Configuring the first three of the following parameters enables the LPPE, which is disabled by default. The fourth parameter is optional. LPPE handles a variety of login exceptions which would otherwise prevent user authentication. For more information see the manual "User Management in ServerView".

Domain Distinguished Name (Example:

dc=example,dc=com)

Number of days a password is valid (e.g.: 90)?:

Number of days a user is warned before the password expiry (e.g.: 30)?:

Do you want to specify an URL to which the user will be redirected in order to change the password?

(yes|no)?:

Answering with "yes",displays the following prompt:

URL to which the user will be redirected in orderto change the password?:

For each of the above parameters you must confirm your input as follows (example):

Host?: xxxxx

Host specified: xxxxx , ok? (yes|no): no Host?: xxxxxy

Host specified: xxxxxy, ok? (yes|no): yes Then the next parameter will be displayed.

Command line interface

You can specify the following parameters via the command line interface:

install.sh --ds-host <hostname>

--ds-port <port> --ds-backup <yes|no>

--ds-backup-host <backup host name>

--ds-ssl <yes|no> --ds-basedn <dn>

--ds-user-searchfilter <user search filter>

--ds-domain <Domain Distinguished Name>

--ds-val-days <days>

--ds-warn-days <days>

--ds-pw-url <URL>

--ds-host <hostname>

Fully-qualified name of the server on which the directory service is

running.The fully qualified name is an unambiguous name which specifies the system in the network. It is important that this name can be always properly resolved! This can occur by use of an DNS or NIS server, or by appropriate entries in the hosts file of the central management station. If you are not sure whether you can provide for a proper name resolution, you can issue the system's IP address here.

--ds-port <port>

Port number used for access to the directory service. By default, port 389 is used for LDAP and port 636 is used for LDAPS (i.e. LDAP with SSL).

--ds-backup <yes|no>

You can specify if a backup server for LDAP is used (yes) or not (no). If you answer with yes, the following parameter can be set:

--ds-backup-host <backup host name>

Fully-qualified server name on which a backup for the directory service is running.

--ds-ssl <yes | no>

yes is enabled by default to protect the data transfer with SSL encryption.

It is recommended that you always protect the connection to the directory service, as the user passwords transferred via this connection are not separately encrypted. Bear in mind, however, that Microsoft Active Directory does not offer SSL encryption as standard; a certificate must be installed on the Windows server system for this purpose. For further details, see "User Management in ServerView" user guide (section "Integrating ServerView user management into Microsoft Active Directory").

3.8 Installing the Operations Manager software

3 Installing ServerView Operations Manager

--ds-basedn <dn>

Base directory for the ServerView authorization data, e.g.

OU=application,DC=fujitsu,DC=com. You can specify any directory in the Active Directory here. The Operations Manager setup procedure generates an LDIF file for importing the authorization data, which you must then import after the Operations Manager installation. For further details, see

"User Management in ServerView" user guide (section "Integrating ServerView user management into Microsoft Active Directory").

--ds-user <username>

User ID for read access to the data. The user ID should only have basic read rights. This password is stored in a text file so only a user with simple read access should be chosen. The user ID should be specified in the notation USERNAME@DOMAIN, as displayed in the Active Directory in the user’s account settings under User logon name.

--ds-password <password>

Password for read access.

--ds-user-searchbase <searchbase>

Starting point for the user search in the directory server e.g.

CN=Users,DC=fujitsu,DC=com.

--ds-user-searchfilter <user search filter>

Filter for user search, e.g. sAMAccountName=%u.

--ds-domain <Domain Distinguished Name>

Base directory for LPPE settings e.g. dc=example,dc=com --ds-val-days <days>

Number of days a password is valid --ds-warn-days <days>

Number of days a user is warned before the password expires.

--ds-pw-url <URL>

Optional. URL to which the user will be redirected in order to change the password, e.g. https://www.myurl.com

Parameters in the configuration file

The file /etc/fujitsu/ServerViewSuite/ServerView/global.conf contains parameters for the configuration of the active directory service. Please do not change these parameters for the directory service manually. You may specify them during installation/upgrade as parameters or dialog to the script install.sh. You may change them any time by calling the script ChangeComputerDetails.sh.