LDAP Authentication for Console Management Administrators


For BMC AMI Console Management administration, you have to log in to configuration pages that are displayed by a customized Apache Tomcat web server. The credentials are stored in a local text file within the software installation directory by using the Tomcat UserDatabaseRealm authentication option.

The Console Management administrator pages have a General Settings - Administrator Accounts page that allows you to add or delete administrators, change passwords, and limit access to specific areas of product configuration and control.

Tomcat also offers alternative authentication options. The authentication option explained here uses LDAP to check credentials against enterprise user databases using the Tomcat JNDIRealm option. Currently, this authentication option must be configured manually from the Linux command line, and it also requires specific settings at the enterprise level. It is designed primarily to work with Windows Active Directory. RACF and ACF2 users can have their credentials (username and password) validated, but it is currently not possible to limit which valid mainframe users are permitted to administer Console Management.

This section primarily discusses Active Directory with a short example of a RACF configuration.

Setting up LDAP Administrator Authentication

The LDAP administrator authentication procedure is as follows:

  1. Identify a test Linux server that is to be used for the development process.
  2. Discuss the necessary Active Directory configuration requirements with your IT department.
  3. Identify the Active Directory Windows servers that you will connect to for authentication, and set up the certificate trust store required for making secure LDAP connections.
  4. Log in to the Linux server command line with a privileged user ID, and change the configuration manually.
  5. Stop and restart the Tomcat web server, and test until it works to your satisfaction.
  6. Copy the relevant configuration files to production servers and test them.
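
The following is an added example, not taken from the BMC documentation or the product: a Python check to run against a Tomcat server.xml on the test server before copying it to production. It reports JNDIRealm settings that send bind passwords over unencrypted LDAP or that do not restrict which directory users receive an administrative role. The sample configuration, host names, DNs, role name and the audit_jndi_realms helper are constructed for illustration; the Realm attribute names are those of stock Tomcat JNDIRealm.

```python
import xml.etree.ElementTree as ET

JNDI = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample: host names, DNs, password and role name are placeholders.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://dc1.example.com:389"
           alternateURL="ldaps://dc2.example.com:636"
           connectionName="CN=svc-tomcat,OU=Service,DC=example,DC=com"
           connectionPassword="PLACEHOLDER"
           userBase="DC=example,DC=com"
           userSearch="(sAMAccountName={0})"
           userSubtree="true"
           commonRole="admin"/>
  </Realm>
</Engine></Service></Server>
"""

def audit_jndi_realms(server_xml):
    """Return (check_id, message) findings for every JNDIRealm, nested or not."""
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        if realm.get("className") != JNDI:
            continue
        if not realm.get("connectionURL"):
            findings.append(("no-url", "connectionURL is missing"))
        # StartTLS upgrades a plain ldap:// connection before the bind.
        start_tls = realm.get("useStartTls", "false").lower() == "true"
        for attr in ("connectionURL", "alternateURL"):
            url = realm.get(attr)
            if url and not url.lower().startswith("ldaps://") and not start_tls:
                findings.append(("cleartext-ldap",
                                 f"{attr}={url} sends bind passwords unencrypted"))
        # Roles come from a user attribute (e.g. memberOf) or a group search.
        if not (realm.get("userRoleName")
                or (realm.get("roleSearch") and realm.get("roleName"))):
            findings.append(("no-role-source",
                             "directory groups are not mapped to Tomcat roles"))
        if realm.get("commonRole"):
            findings.append(("common-role", f"commonRole={realm.get('commonRole')} "
                             "is granted to every authenticated directory user"))
    return findings

if __name__ == "__main__":
    for check, message in audit_jndi_realms(SAMPLE_SERVER_XML):
        print(f"[{check}] {message}")
```
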
