You configure HQ Server for your LDAP server in the "LDAP Configuration Properties" section of the Administration > HQ Server Settings page.
By default Hyperic HQ uses its database for storing information about users and authenticating those users. HQ can be configured to use an external LDAP directory for authenticating users in addition to its own database.
In HQ Enterprise, these properties configure HQ to use an external LDAP directory — in addition to HQ's own database — for authenticating users.
| Property | Description |
| --- | --- |
| Use LDAP Authentication | Checkmark this option to enable LDAP authentication. |
| URL | Location of your LDAP or Active Directory server. If a port other than the standard LDAP port is used, specify it in the URL: add the port to the end of the URL, after a colon (:) character. For example: ldap://YourLDAPHost:44389 |
| SSL | Indicates whether the LDAP directory requires SSL connections. |
| Username and Password | Used if the LDAP directory does not allow anonymous searching, as is common in secure environments. The username must be an LDAP user with sufficient privileges to view at least the sections of the directory containing the information for HQ users. The full node path is required, for example: cn=admin,dc=example,dc=com |
| Search Base | Also known as the suffix. Required for an LDAP connection. The full path to the branch is required, for example: ou=people,dc=example,dc=com. If you are unsure of this setting, check with your LDAP administrator. |
| Search Filter | Limits the users in LDAP to a subset of the entire directory. For example, (!(location=SFO*)) |
| Login Property | The LDAP property that HQ will use as the username. Very important. Examples of common login properties are "cn" and "uid". |
After LDAP authentication has been successfully configured, users will be able to log into HQ with their LDAP password (using the value specified as the Login Property as their username). The first time LDAP users log in to HQ, they will be asked to provide some identifying information before they can continue: their first and last name, email address, phone number, etc. This information is used for display and alert notification purposes.
Note: LDAP users must also have one or more HQ roles. As with all new users in HQ, LDAP users are not assigned to any roles by default and therefore they will not be able to see any resources in HQ until they are added to a role. HQ administrators will need to assign the appropriate role or roles to the user in HQ. (On the HQ Administration page, click List Users, select the user, and click Add to List in the "Roles Assigned To" section of the page.)
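The following pre-check of the values entered for the properties in the table above is an added example, not code from HQ. The setting keys, the function names, and the way `user_filter` combines the Login Property with the Search Filter are assumptions made for illustration; the sample values are the examples given in the table.

```python
import re
from urllib.parse import urlparse

# Constructed sample values, copied from the examples in the property table.
SETTINGS = {
    "url": "ldap://YourLDAPHost:44389", "ssl": False,
    "bind_dn": "cn=admin,dc=example,dc=com",
    "search_base": "ou=people,dc=example,dc=com",
    "search_filter": "(!(location=SFO*))", "login_property": "uid",
}
# Simplified DN shape: attr=value pairs joined by commas (no escaped commas).
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*$")
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def balanced(filt):
    """True if filt starts with '(' and every parenthesis is matched."""
    depth = 0
    for c in filt:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0 and filt.startswith("(")

def check_settings(s):
    """Return a list of problems found in the settings; empty means none."""
    problems = []
    url = urlparse(s["url"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("URL: expected ldap://host[:port] or ldaps://host[:port]")
    elif url.scheme == "ldap" and not s["ssl"]:
        problems.append("SSL: off, so a simple bind sends passwords unencrypted")
    for key in ("bind_dn", "search_base"):
        if not DN_RE.match(s[key]):
            problems.append(key + ": full node path required, e.g. cn=admin,dc=example,dc=com")
    if s["search_filter"] and not balanced(s["search_filter"]):
        problems.append("search_filter: unbalanced parentheses")
    if not ATTR_RE.match(s["login_property"]):
        problems.append("login_property: not a valid attribute name")
    return problems

def user_filter(s, username):
    """Assumed lookup filter: login property match ANDed with the search filter."""
    match = "(%s=%s)" % (s["login_property"], escape_filter_value(username))
    return "(&%s%s)" % (match, s["search_filter"]) if s["search_filter"] else match

if __name__ == "__main__":
    print(check_settings(SETTINGS))
    print(user_filter(SETTINGS, "jdoe"))
```

The filter returned by `user_filter` can be run with an LDAP client against the Search Base, bound as the configured Username, to confirm that it matches exactly one entry per intended HQ user.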