
X.509 Certificates to Control NNMi Access

The X.509 Certificate service eliminates the need for any NNMi passwords. NNMi administrators have a choice of where to define and store the required NNMi User Group membership assignments:

  • Mixed: NNMi defines and stores the User Group assignments.
  • External: NNMi uses the Lightweight Directory Access Protocol (LDAP) User Group assignments.

Tip NNMi supports Public Key Infrastructure (PKI) user authentication. This includes Smart Cards, such as Common Access Card (CAC) and Personal Identity Verification (PIV).

User Authentication Strategy

| Option | Which Method for User Authentication? | User Account Definitions in NNMi | User Group Definitions in NNMi | Which Method for Group Membership? |
|---|---|---|---|---|
| 2 - Mixed | X.509 Certificate | yes | yes | NNMi User Account Mappings |
| 3 - External | X.509 Certificate | no | yes | LDAP |

Caution NNMi administrators must choose one Mode and configure all NNMi users with the same approach.

Follow the instructions in the “Configuring NNMi to Support Public Key Infrastructure User Authentication” chapter in the Network Node Manager i Software Deployment Reference, which is available at: https://softwaresupport.softwaregrp.com/.

X.509 Certificates Configuration [These steps are in the Deployment Guide]
Mode Procedure
2 - Mixed
  1. Modify the nms-auth-config.xml file and create User Accounts as described for configuration option 2 in the “Configuring NNMi to Support Public Key Infrastructure User Authentication” chapter in the Network Node Manager i Software Deployment Reference, which is available at: https://softwaresupport.softwaregrp.com/.

  2. In the NNMi console:

    • Configure User Accounts (User Account Form).

      NNMi user names must be stored in both the X.509 Certificate implementation and the NNMi User Accounts.

      Enable the User Account form's Directory Service Account attribute to make the password unnecessary.

      Tip NNMi administrators can also add, delete, or modify NNMi user names and the Directory Service Account attribute with the nnmsecurity.ovpl command-line tool.

  3. User Groups and User Group Mappings are stored in the NNMi database:

    NNMi users can belong to more than one User Group.

    The NNMi administrator must assign each User Account to a predefined NNMi User Group before that user can access NNMi. See User Groups Provided in NNMi for more information.

  4. Configure which objects are visible to each User Group:

Note To make changes to NNMi users' user name or password, you must now use the appropriate process for making changes to the data stored in your environment's X.509 Certificate implementation.
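
Added example (not part of the NNMi documentation or product): a Python check of the Mode 2 - Mixed prerequisites above. It flags user names missing from either store, accounts without the Directory Service Account attribute, and accounts with no User Group mapping. The data structures, sample names and exact case-sensitive name matching are assumptions; how the lists are exported from the X.509 Certificate implementation and NNMi is not covered here.

```python
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    directory_service_account: bool  # User Account form attribute


def audit_mixed_mode(cert_names, accounts, mappings):
    """Return {user name: [findings]} for Mode 2 (Mixed) prerequisites.

    cert_names: user names held in the X.509 Certificate implementation
    accounts:   NNMi User Accounts
    mappings:   {user name: [User Group, ...]} from User Account Mappings
    """
    by_name = {a.name: a for a in accounts}
    findings = {}

    def add(name, message):
        findings.setdefault(name, []).append(message)

    for name in sorted(cert_names):
        account = by_name.get(name)
        if account is None:
            # The name must be stored in both places.
            add(name, "no NNMi User Account")
            continue
        if not account.directory_service_account:
            add(name, "Directory Service Account not enabled")
        if not mappings.get(name):
            # Without a User Group the user cannot access NNMi.
            add(name, "no User Group mapping")

    for name in sorted(set(by_name) - set(cert_names)):
        add(name, "NNMi User Account has no matching certificate user name")
    return findings


# Constructed sample data (hypothetical users and group name).
CERT_NAMES = {"alice", "bob", "carol"}
ACCOUNTS = [Account("alice", True), Account("bob", False), Account("dave", True)]
MAPPINGS = {"alice": ["example-group"], "bob": []}

if __name__ == "__main__":
    for user, problems in audit_mixed_mode(CERT_NAMES, ACCOUNTS, MAPPINGS).items():
        print(f"{user}: {'; '.join(problems)}")
```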

3 - External
  1. Modify the nms-auth-config.xml file and create User Accounts as described for configuration option 2 in the “Configuring NNMi to Support Public Key Infrastructure User Authentication” chapter in the Network Node Manager i Software Deployment Reference, which is available at: https://softwaresupport.softwaregrp.com/.

  2. For this X.509 Certificate configuration, no User Accounts are required in the NNMi console:

    Configure User Accounts (User Account Form): do not use this form.

  3. User Groups are stored in the NNMi database:

  4. For this configuration, LDAP provides the User Group membership assignments. No User Account Mappings are required in the NNMi console:

    Map User Accounts to User Groups (User Account Mapping Form): do not use this form.

  5. Configure which objects are visible to each User Group:

Note To make changes to NNMi access (user name, password, or NNMi User Group assignment), you must now use the appropriate process for making changes to the data stored in your environment's X.509 Certificate implementation and directory service software.