Installing BMC Defender LDAP Tool Kit

Note

As of Version 5-7-X, the LDAP adapter is a standard facility of the BMC Defender Server, hence needs no special installation instructions. The information in this section is mainly useful for installing customized packages specific to customer sites.

If needed, basic installation steps are as follows:

  1. Download the BMC Defender LDAP Interface Software, in self-extracting WinZip format.
  2. Stop the BMC Defender Framework Service. (The LDAP package overwrites and replaces the CO-catlog.exe process; hence the BMC Defender Framework Service cannot be running when this software installs.)
  3. Execute the self-extracting WinZip file. This unzips the software into the BMC Defender Windows Distribution, including all configuration data and executables.
  4. Restart the BMC Defender Framework Service. 

You can find the information needed to configure the LDAP parameters in Using-BMC-Defender-LDAP-Tool-Kit

Note

Administrative logins are required to perform the software installation, along with detailed information regarding LDAP server locations and capabilities.

Installation requirements and constraints

  • Existing BMC Defender Server installation—Prior to installing the software, the BMC Defender Server system must be installed on a Windows platform.
  • Firewall requirements—The software requires that managed devices can access the target LDAP server. This might be a normal condition. However,  some sites might purposely disable this port, and those selected devices are not manageable by BMC Defender).
  • Administrator privileges—The software requires an administrator login to the LDAP server to fetch information.
  • LDAP directory—The software requires that you have an LDAP directory configured within the enterprise, such as Microsoft Active Directory or a UNIX LDAP implementation. 

To ensure proper installation of the program, you should close all windows, and temporarily disable any port blocking or Virus Scan software on the system.

Windows installation procedure

The specific steps needed to install the software are :

  1. Login to the BMC Defender Server Windows platform using an Administrator login.
  2. Stop the BMC Defender Framework Service via the Windows Service Manager, or via the net stop correlog command at a cmd.exe prompt.
  3. Obtain and execute the co-n-n-n-ldap.exe package, extracting files to the directory location where BMC Defender is installed. (The default installation directory is C:\Program Files\BMC Software\BMC Defender.) After extracting files, the About dialog is displayed indicating the success of the installation.
  4. Restart the BMC Defender Framework Service via the Windows Service Manager, or via the net start correlog command and a cmd.exe prompt.
  5. Login to the BMC Defender Server web interface, and verify that the System > Tools > Auto-Update > LDAP tab now exists.

If, after extracting files, you do not see the LDAP tab in the System tab, you probably extracted files to the wrong location in step #3 above. In this case, simply repeat the preceding procedure, extracting files to the correct installation folder for the BMC Defender Server.

LDAP parameter configuration

Once the LDAP interface has been installed and is running on the system, you can configure parameters associated with the interface via the System Tools > Auto-Update > LDAP screen.  By default, all you need to do is to click the Edit button and set the Gen LDAP Enable button to Enabled.  You can also generate new LDAP data on demand via the Generate button or set the execution time to hourly, daily, or some other schedule of execution.The Configuring-BMC-Defender-LDAP-Tool-Kit section details available options.

Third-party LDAP browsers

The  BMC Defender LDAP Interface Software is not intended to be a comprehensive LDAP browser. When configuring LDAP, it is often useful to deploy a third-party LDAP server on the BMC Defender platform to verify connectivity and the Distinguished Names described in the next section. A variety of third-party LDAP browsers are available, many of them completely free.

In the absence of any specific preferences, BMC Defender recommends the Softterra LDAP browser, that is available for download from the web, and easily located via any web search. This product, in addition to allowing easy browsing and troubleshooting of LDAP directories, implements an LDIF export utility that directly supports the format expected by BMC Defender.

LDIFDE.exe program

The BMC Defender Server acquires LDAP or Active Directory data using the standard Windows LDIFDE.exe program. The utility is provided with BMC Defender and is also a standard part of modern Windows servers.

If the BMC Defender Server is part of a Windows domain, special configuration is not usually required to begin using the LDIFDE.exe program. However, some instances might exist where the gen-ldap.bat file (in the net-users folder of the BMC Defender Server) might need adjustments. For example, if the BMC Defender Server node is not joined to a domain, or the administrator wants to gather information from an Active Directory server in the organization, the gen-ldap.bat must be modified. This file is located in the installationDirectory\net-user\gen-ldap.bat directory. Replace installationDirectory with the directory in which you installed the product. The default directory is C:\Program Files\BMC Software\BMC Defender.

If special requirements exist for the installed site, contact BMC Support for assistance with modifying the preceding file, or consult web resources.

Related topics

BMC-Defender-LDAP-Tool-Kit

Configuring-BMC-Defender-LDAP-Tool-Kit

Using-BMC-Defender-LDAP-Tool-Kit


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*