Active Directory Device Discovery
LDAP or Active Directory devices can be integrated with Kron PAM. Some properties must be added from the System Configuration Manager for the discovery configuration.

Navigate to Administration > System Configuration Manager and enter the related configuration parameters below. The n value at the end of each parameter name must be an integer, starting from 0.

- `sc.device.integration.ldap.url`: URL info of the LDAP or AD. IP or DNS names can be used. There isn't any ".n" suffix. Multiple LDAP URLs can be added in this property. LDAP URLs must be defined with a hash (#) separator, like `ldap://10.20.30.40#ldap://10.20.30.41`.
- `sc.device.integration.ldap.basedn.n`: LDAP base DN values. All devices and device groups will be implemented under this base DN. Multiple base DNs can be used with the separator " | ".
- `sc.integration.ldap.eid.n`: Username used to log in to the LDAP/AD to get users.
- `sc.device.integration.ldap.password.n`: Password of the username defined in `sc.integration.ldap.eid.n`.
- `sc.device.integration.ldap.source.name.n`: Discovery source name which will be set on the devices and device groups. Kron PAM can store devices from multiple sources and must know the source of the discovered devices so that it only updates these during auto discovery.
- `sc.device.integration.ldap.root.device.group.n`: Optional. Name of the root device group on Kron PAM. It is used to collect all discovered devices and device groups under one specific root device group.
- `sc.device.integration.ldap.user.membership.n`: True or false. This is a flag that sets the LDAP device discovery strategy. If it is enabled, the memberOf attribute will be used to determine the device groups of devices and the parent groups of device groups. Kron PAM discovers the whole device tree hierarchy recursively until the memberOf attribute returns empty values. If it is disabled, Kron PAM uses the device DN (distinguishedName attribute) to determine the device group and the device group hierarchy. Every CN or OU in the DN of a device, except the base DN, will be converted to a device group. Ex: `cn=computer 1,cn=computers,cn=it devices,ou=all devices,<base dn>`
- `sc.device.integration.ldap.device.group.search.phrase.n`: LDAP search phrase for device groups. This parameter is used, and is mandatory, only if "user membership" is enabled.
- `sc.device.integration.ldap.device.group.dn.filter.n`: LDAP does not support advanced searches on the DN (distinguishedName), such as contains, ends with, and starts with. If this attribute is set, Single Connect will filter the device group search result by matching the device group DN to this parameter's value. This parameter is optional, accepts regular expressions, and is used only if user membership is enabled.
- `sc.device.integration.ldap.device.search.phrase.n`: Mandatory. LDAP search phrase for devices.
- `sc.device.integration.ldap.device.ip.attribute.n`: Mandatory. LDAP attribute name for the device IP.
- `sc.device.integration.ldap.device.hostname.attribute.n`: Optional. LDAP attribute name for the device hostname. The hostname is used on displays.
- `sc.device.integration.ldap.device.access.protocol.attribute.n`: Optional. Device access protocol LDAP attribute. Access protocol examples: RDP, SSH, VNC, SFTP.
- `sc.device.integration.ldap.device.default.access.protocol.n`: Mandatory. If the access protocol attribute parameter is not set, or the access protocol cannot be discovered from LDAP, this parameter's value is used.
- `sc.device.integration.ldap.device.element.type.id.attribute.n`: Optional. Device element type LDAP attribute. Element type examples: Windows, CentOS, Cisco XR.
- `sc.device.integration.ldap.device.default.element.type.id.n`: Mandatory. If the element type attribute parameter is not set, or the device element type cannot be discovered from LDAP, this parameter's value is used.
- `sc.device.integration.ldap.device.port.attribute.n`: Optional. Access protocol connection port LDAP attribute.
- `sc.device.integration.ldap.device.default.port.n`: Optional. If the port attribute parameter is not set, or the device connection port info cannot be discovered from LDAP, this parameter's value is used. If this parameter is not set, the access protocol default port will be used, such as 22 for SSH and 3389 for RDP.

| Parameter name | Mandatory | Value |
| --- | --- | --- |
| `sc.device.integration.ldap.basedn.0` | Mandatory | dc= ,dc= (ex: `dc=singleconnect,dc=test`) |
| `sc.device.integration.ldap.device.access.protocol.attribute.0` | | |
| `sc.device.integration.ldap.device.default.access.protocol.0` | Mandatory | ex: rdp |
| `sc.device.integration.ldap.device.default.element.type.id.0` | Mandatory | ex: windows 7 |
| `sc.device.integration.ldap.device.default.port.0` | | |
| `sc.device.integration.ldap.device.element.type.id.attribute.0` | | |
| `sc.device.integration.ldap.device.group.search.phrase.0` | Mandatory | ex: `(cn=cert publishers)` |
| `sc.device.integration.ldap.device.hostname.attribute.0` | | |
| `sc.device.integration.ldap.device.ip.attribute.0` | Mandatory | ex: dnshostname |
| `sc.device.integration.ldap.device.port.attribute.0` | | |
| `sc.device.integration.ldap.device.search.phrase.0` | Mandatory | ex: `(objectclass=computer)` |
| `sc.device.integration.ldap.eid.0` | Mandatory | |
| `sc.device.integration.ldap.password.0` | Mandatory | |
| `sc.device.integration.ldap.root.device.group.0` | Mandatory | |
| `sc.device.integration.ldap.source.name.0` | Mandatory | |
| `sc.device.integration.ldap.url` | Mandatory | ldap:// (ex: `ldap://10.20.30.40:389`) |
| `sc.device.integration.ldap.user.membership.0` | Mandatory | true/false |

After defining the above parameters, apply the steps outlined in the docid\ jiut1wgmk6vjk6derpbtv or docid\ ypzfnaa5jgaoxj26f93ap sections.

If the device tree structure has both devices and device groups under a parent device group, then the device group is duplicated, and an underscore "_" is added at the end of the device group name. Ex: the devicelist 01 device group has both devices and device groups; therefore, the devicelist 01 group is duplicated.

Multiple LDAP device integrations can be performed by duplicating the above parameters. Each LDAP must have sequential numbers, starting from "0" (zero), like `sc.device.integration.ldap.basedn.0`, `sc.device.integration.ldap.basedn.1`, `sc.device.integration.ldap.basedn.2`.
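The DN-based strategy (user membership set to false) can be previewed before a discovery run with a short script. This is an added example, not Kron PAM code: the function names are hypothetical, and the root-first ordering of the resulting groups is an assumption based on how DNs nest.

```python
import re

# Split on commas not preceded by a backslash (RFC 4514 escaping).
# Simplification: an escaped backslash directly before a comma is not handled.
_RDN_SPLIT = re.compile(r'(?<!\\),')


def split_dn(dn):
    """Return the RDNs of a DN as (attribute, value) pairs, leaf first."""
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        attr, _, value = part.strip().partition('=')
        rdns.append((attr.strip().lower(), value.strip().replace('\\,', ',')))
    return rdns


def device_group_path(device_dn, base_dns):
    """Derive (device name, [device groups, root first]) from a device DN.

    base_dns uses the page's "|" separator for multiple base DNs.
    Returns None when the device DN is not under any configured base DN.
    """
    device = split_dn(device_dn)
    for base in base_dns.split('|'):
        base_rdns = split_dn(base)
        n = len(base_rdns)
        if n >= len(device):
            continue
        # DN matching is case-insensitive for these attribute types.
        tail = [(a, v.lower()) for a, v in device[-n:]]
        if tail != [(a, v.lower()) for a, v in base_rdns]:
            continue
        # Every CN or OU between the device's own RDN and the base DN
        # becomes a device group; reverse so the outermost group is first.
        middle = device[1:-n]
        groups = [v for a, v in reversed(middle) if a in ('cn', 'ou')]
        return device[0][1], groups
    return None


if __name__ == '__main__':
    # Constructed sample DN, modelled on the example in the text above.
    dn = 'CN=Computer 1,CN=Computers,CN=IT Devices,OU=All Devices,DC=singleconnect,DC=test'
    print(device_group_path(dn, 'dc=singleconnect,dc=test'))
```

A `None` result means the device sits outside every configured base DN, which is worth checking before widening the base DN to pull it in.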