Registering an LDAP search user account

Ops Center Automator Installation and Configuration Guide

Version: 11.0.x
Part Number: MK-99AUT000-24

Use the hcmds64ldapuser command to register an LDAP search user account on the management server.

Before you begin:

  • Register an LDAP search user on the LDAP directory server.
  • Verify the following information:
    • DN and password of the LDAP search user
    • Server identification name or the domain name for external authentication servers of the LDAP directory server (for LDAP authentication)

      Specify the server identification name that was specified for the auth.server.name property in the exauth.properties file, or specify the domain name that was specified for the auth.ldap.value-specified-for-auth.server.name.domain.name property in the exauth.properties file.

    • Domain name of the RADIUS server (for RADIUS authentication)

      Specify the domain name specified for auth.radius.auth.server.name-property-value.domain.name in the exauth.properties file.

    • Realm name of the Kerberos server (for Kerberos authentication)

      If you directly specify information about a Kerberos server in the exauth.properties file, specify the value specified for auth.kerberos.default_realm or auth.kerberos.auth.kerberos.realm_name-property-value.realm.

      If you specify the settings in the exauth.properties file to use the DNS server to look up information about a Kerberos server, specify the realm name registered in the DNS server.

Execute the hcmds64ldapuser command.
In Windows:

Common-Component-installation-folder\bin\hcmds64ldapuser /set /dn DN-of-user-account-used-to-search-for-LDAP-user-info [/pass password-of-user-account-used-to-search-for-LDAP-user-info] /name name

In Linux:

Common-Component-installation-directory/bin/hcmds64ldapuser -set -dn DN-of-user-account-used-to-search-for-LDAP-user-info [-pass password-of-user-account-used-to-search-for-LDAP-user-info] -name name

  • DN-of-user-account-used-to-search-for-LDAP-user-info

    Specify a DN by following the rules defined in RFC 4514. For example, if any of the following characters is included in a DN, you must use a backslash (\) to escape each occurrence.

    Spaces # + , ; < = > \

  • password-of-user-account-used-to-search-for-LDAP-user-info

    This is case-sensitive and must exactly match the password registered in the LDAP directory server. If you execute the command without specifying the pass option, you will be prompted to enter a password.

Note:
  • In the LDAP directory server, you can use double quotation marks (") for the DN and password. In the management server, however, you must register a user account whose DN and password do not include double quotation marks.
  • If you are using Active Directory, you can use the dsquery command provided by Active Directory to verify the DN of a user. The following example shows how to use the dsquery command to verify the DN of the user administrator, and also shows the execution results:

    dsquery user -name administrator

    "CN=administrator,CN=admin,DC=example,DC=com"

  • If a value in the DN includes a comma, such as the value example,com in cn=administrator,cn=admin,dc=example,com, specify the DN as follows:

    In Windows:

    hcmds64ldapuser /set /dn "cn=administrator,cn=admin,dc=example\,com" /pass administrator_pass /name ServerName

    In Linux:

    hcmds64ldapuser -set -dn "cn=administrator,cn=admin,dc=example\\,com" -pass administrator_pass -name ServerName
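
The escaping rule for the DN and the comma example in the note can be applied mechanically before running the command in Linux. The shell functions below are an added example, not part of the product documentation; escape_rdn_value and build_dn are hypothetical helper names, and the sample input is the DN used on this page.

```shell
#!/bin/sh
# Added example (not from the product documentation): build the DN of the
# LDAP search user with every value escaped as this page requires.

# Backslash-escape each character the page lists: space # + , ; < = > \
# Fails on a double quotation mark, which the management server does not accept.
escape_rdn_value() {
    case $1 in
        *\"*) echo "double quotation marks are not allowed: $1" >&2; return 1 ;;
    esac
    printf '%s' "$1" | sed 's/[ #+,;<=>\\]/\\&/g'
}

# build_dn TYPE=VALUE... : escape every VALUE and join the RDNs with commas.
# Each argument is split at its first "=", so VALUE may itself contain "=".
build_dn() {
    dn=
    for rdn in "$@"; do
        case $rdn in
            ?*=?*) ;;
            *) echo "expected TYPE=VALUE, got: $rdn" >&2; return 1 ;;
        esac
        value=$(escape_rdn_value "${rdn#*=}") || return 1
        dn="${dn:+$dn,}${rdn%%=*}=$value"
    done
    printf '%s\n' "$dn"
}

# Constructed sample input: the page's DN, whose last value contains a comma.
build_dn cn=administrator cn=admin 'dc=example,com'

# Usage sketch (not executed here). "$dn" reaches the command as one argument
# with single backslashes, the same string the shell produces from the page's
# Linux form "dc=example\\,com". -pass is left out so that the command prompts
# for the password, as described on this page.
#   dn=$(build_dn cn=administrator cn=admin 'dc=example,com') &&
#   Common-Component-installation-directory/bin/hcmds64ldapuser -set -dn "$dn" -name ServerName
```
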