Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Administer > Integrate NNMi with a Directory Service through LDAP > Directory Service Queries > User Group Identification > Configuring User Group Retrieval from the Directory Service (Detailed Approach)

Configuring User Group Retrieval from the Directory Service (Detailed Approach)

If the simple approach described in Task 5 did not work correctly, follow these steps:

Obtain the required user information from the directory service administrator.
Verify the format of group names and group members in the directory service by completing the appropriate procedure:
- LDAP browser approach for Active Directory: See Determining How the Directory Service Identifies a Group and Group Membership (LDAP Browser Approach for Active Directory).
- LDAP browser approach for other directory services: See Determining How the Directory Service Identifies a Group and Group Membership (LDAP Browser Approach for Other Directory Services).
- Web browser approach for other directory services: See Determining How the Directory Service Identifies a Group (Web Browser Approach).
Configure the LDAP configuration file.
- Using the nms-auth-config.xml file:
  1. Open the nms-auth-config.xml file in any text editor.
  2. Set the role element to correlate user names to the way user names are stored for groups in the directory service. Replace the actual user name with one of the following expressions:
    - Use {0} to denote the user name entered for signin (for example, john.doe).
    - Use {1} to denote the distinguished name of the authenticated user as returned by the directory service (for example, uid=john.doe@example.com,ou=People,o=example.com).
  3. Set the roleContextDN element to the portion of the directory service domain that stores group records.
    
    The format is a comma-separated list of directory service attribute names and values. For example:
    - For Microsoft Active Directory
      CN=Users,DC=ldapserver,DC=mycompany,DC=com
    - For other LDAP technologies
      ou=Groups,o=example.coms
- Using the ldap.properties file:
  1. Open the ldap.properties file in any text editor.
  2. Set the rolesCtxDN parameter to the elements of the distinguished group name that are the same for multiple groups.
  3. Set the roleFilter parameter to correlate user names to the way user names are stored for groups in the directory service. Replace the actual user name with one of the following expressions:
    - Use {0} to denote the user name entered for signin (for example, john.doe).
    - Use {1} to denote the distinguished name of the authenticated user as returned by the directory service (for example, uid=john.doe@example.com,ou=People,o=example.com).
  4. Set the uidAttributeID parameter to the name of the group attribute that stores the user ID.
Test the configuration as described in Configuring NNMi to Access a Directory Service.

Determining How the Directory Service Identifies a Group and Group Membership (LDAP Browser Approach for Active Directory)

In a third-party LDAP browser, do the following:

Navigate to the portion of the directory service domain that stores user information.
Identify a user who requires access to NNMi, and then examine the format of the distinguished names for the groups associated with that user.
Navigate to the portion of the directory service domain that stores group information.
Identify the groups that correspond to NNMi user groups, and then examine the format of the names for the users associated with a group.

Determining How the Directory Service Identifies a Group and Group Membership (LDAP Browser Approach for Other Directory Services)

In a third-party LDAP browser, do the following:

Navigate to the portion of the directory service domain that stores group information.
Identify the groups that correspond to NNMi user groups, and then examine the format of the distinguished names for those groups.
Also examine the format of the names for the users associated with a group.

Determining How the Directory Service Identifies a Group (Web Browser Approach)

In a supported web browser, enter the following URL:

ldap://<directory_service_host>:<port>/<group_search_string>
- <directory_service_host> is the fully-qualified name of the computer that hosts the directory service.
- <port> is the port that the directory service uses for LDAP communication.
- <group_search_string> is the distinguished name for a group name that is stored in the directory service, for example: cn=USERS-NNMi-Admin,ou=Groups,o=example.com
Evaluate the results of the directory service access test.
- If you see a message that the directory service does not contain the requested entry, verify the value of <group_search_string>, and then repeat step 1.
- If you see the appropriate list of groups, the access information is correct.
Examine the group properties to determine the format of the names for the users associated with that group.

Send Help Center feedback