Overview
This document provides step-by-step instructions for configuring a Managed System in OpenIAM, specifically the AD PowerShell Managed System, to establish a connection with Active Directory (AD).
In this document we cover the following topics:
1. How to access OpenIAM
- 1.1 Find the IP address of OpenIAM
- 1.2 Access the OpenIAM web console
- 1.3 Log in as System Administrator
2. How to configure a managed system
- 2.1 Access the Managed System
- 2.2 Edit Managed System (we chose AD PowerShell Managed System)
- 2.3 Configure the necessary fields of a managed system
3. Troubleshooting a managed system dashboard
- 3.1 Running Connectors Status: No active connectors found
- 3.2 Running Connectors Status: displayed in red
- 3.3 Information About Running Connectors Status
Prerequisites
OpenIAM Installed: Ensure OpenIAM is installed on your server.
1. How to access OpenIAM
1.1 Find the IP address of OpenIAM
To access OpenIAM via the web console, we need the IP address of the machine where OpenIAM is installed. This is crucial for entering the correct address in your web browser's address bar.
1.2 Access the OpenIAM web console
In your browser, enter the IP address of OpenIAM followed by /webconsole.
For example: 192.168.1.139/webconsole
1.3 Log in as System Administrator
To gain the necessary permissions to modify all settings and configurations, you need to log in as the system administrator (sysadmin).
Note: the default password is usually passwd00, but you can change it to whatever you want.
2. How to configure a managed system
2.1 Access the Managed System
Locate the Provisioning tab in the main menu.
Click on the Managed System section.
Here, you will see that some managed systems are already in place.
2.2 Edit Managed System (we chose AD PowerShell Managed System)
In the list of managed systems, locate the AD PowerShell Managed System.
In the action section next to it, click on Edit. This allows you to modify specific details of the managed system.
2.3 Configure the necessary fields of a managed system
Parameter Details
Note: In this section, the first four parameters are filled in automatically, but you have the option to edit the description if desired.
Connector: Refers to the specific connector used.
Managed System Id: The unique identifier assigned to the managed system.
Managed System Name: The name of the managed system.
Description: A detailed overview or relevant information about the managed system.
Required Options
To create a user and synchronize it with the managed system, ensure you activate the following three options.
Active
Description: Refers to a state where the managed system is performing tasks or operations.
All users provisioned with this managed system
Description: Each user you create in OpenIAM will automatically be provisioned with this specific managed system and connected to Active Directory.
Note: Provision means that whenever you create a user, it is automatically added to Active Directory and created without requiring manual intervention.
Entering the Hostname or IP Address
In the Host URL field, you should enter the hostname or IP address of the Active Directory that you want to connect to.
Finding the IP Address
To find the IP address of the machine where Active Directory is installed and the users exist:
- Log in to your Active Directory machine.
- Press Windows + R on your keyboard.
- Type cmd and press Enter.
- In the Command Prompt, type ipconfig and press Enter.
This will display the IP address along with other network configuration details.
Ensure that your Active Directory server is on the same network as the server where OpenIAM is installed.
This can be achieved by using either a static IP or a DHCP-assigned IP within the 192.168.1.x range.
Example IP address: 192.168.1.147 (this is on the same network as the server where OpenIAM is installed; you should find your own).
Connection Requirements
For connecting to PowerShell, only the IP address is required. Secure connection protocols such as LDAP are not necessary for this setup.
Port Configuration
There is no need to configure the port for the connection.
Password Policy
The password policy should be set to Default pswd policy.
Communication Protocol
Set the communication protocol to CLEAR.
Login ID and Password Setup
Ensure you have the administrator's username and password for Active Directory.
Make sure to include your domain in the login ID. For example, Saeigroup is our domain; you should identify and use your own domain accordingly.
For example:
Login ID: your domain/administrator's username
Password: administrator's password
Object primary key for the user
The object primary key for the user is the unique identifier that is essential for recognizing the user within a system. In this context we use sAMAccountName.
Object primary key for the user: sAMAccountName
Configure the Base DN for user and Search Base DN for user
Search Base DN for user: The place in Active Directory where OpenIAM looks for users to sync.
Base DN for User: Specifies the location in Active Directory where new user accounts will be created.
Note: To fill in these two fields, you need access to Active Directory Users and Computers.
Accessing Active Directory Users and Computers
- Log in to your Active Directory machine.
- Press Windows + R.
- Type dsa.msc and press Enter.
This opens the Active Directory Users and Computers console.
You should replace each of these with the appropriate values from your Active Directory Users and Computers console.
OU = Your Organizational Unit
DC = Your Domain Component
DC = Your Network
Base DN for user: OU=Your Organizational Unit,DC=Your Domain Component,DC=Your Network
Search Base DN for user: OU=Your Organizational Unit,DC=Your Domain Component,DC=Your Network
Example (based on our setup): OU=SaeiUsers,DC=Saeigroup,DC=local
Base DN for user: OU=SaeiUsers,DC=Saeigroup,DC=local
Search Base DN for user: OU=SaeiUsers,DC=Saeigroup,DC=local
Note: DC=local indicates that it is an internal network (based on our setup).
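Instead of assembling the two DN values by reading them off the Active Directory Users and Computers console, you can have the ActiveDirectory PowerShell module print them for your own domain and check that the OU really exists before pasting it into the managed system form. The script below is an added example, not code from the original article or from OpenIAM; it assumes the RSAT ActiveDirectory module is installed on a domain-joined machine, and the OU name SaeiUsers is a placeholder taken from the article's example that you replace with your own.

```powershell
# Added example (not part of the original article or OpenIAM's own code): derive the
# "Base DN for user" / "Search Base DN for user" values from your own domain with the
# ActiveDirectory module and verify the OU exists before entering it in OpenIAM.
# Assumptions: RSAT / ActiveDirectory module installed, run on a domain-joined machine;
# $ouName is a placeholder taken from the article's example setup.
Import-Module ActiveDirectory

$ouName = 'SaeiUsers'   # replace with the OU that holds the users OpenIAM should manage

# Distinguished name of the domain itself, e.g. DC=Saeigroup,DC=local
$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName

# Find the OU by name anywhere below the domain root and take its full DN
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope Subtree
if (-not $ou) { throw "OU '$ouName' was not found under $domainDn" }
if (@($ou).Count -gt 1) { throw "OU name '$ouName' is ambiguous: $(@($ou).Count) matches found" }
$baseDn = $ou.DistinguishedName

# Sanity check: the DN resolves to a real object, then count the users currently under it
Get-ADObject -Identity $baseDn | Out-Null
$userCount = @(Get-ADUser -Filter * -SearchBase $baseDn -SearchScope Subtree).Count

# Values to paste into the managed system form (the article uses the same DN for both fields)
Write-Host "Base DN for user:        $baseDn"
Write-Host "Search Base DN for user: $baseDn"
Write-Host "Users under that DN:     $userCount"

# The domain name the article tells you to put in front of the administrator username in the Login ID
Write-Host "Domain (NetBIOS name):   $($domain.NetBIOSName)"
Write-Host "Domain (DNS name):       $($domain.DNSRoot)"
```

If the user count printed is 0, the OU is real but empty, so a synchronization from OpenIAM would find nothing; pick the OU that actually contains the accounts you expect to see after the first sync.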
Search filter for user
There is no need to configure the Search filter for user.
Downstream managed system
The downstream managed system is operated through a Groovy script-based management approach; we chose the Groovy script-based management system.
Congratulations, your editing is complete and all required fields have been filled in. You can now click the Save button.
No active connectors found
In the Management System Dashboard, under the Running Connectors Status section, you may see the message: No active connector found.
Cause:
This issue occurs because the connection to Active Directory has been configured in OpenIAM, but the required Active Directory connector has not been installed.
Solution:
To resolve this, you need to install the appropriate connector for your OpenIAM.
Installing the Active Directory Connector
To install the connector, place the installation file on the Active Directory machine. The installation wizard will then guide you through the setup step by step, as explained in the documentation linked below.
https://docs.openiam.com/docs-4.2.1.2/connectorconfig/microsoft/1-powershellconnectorinstallation
The installation document is quite clear; however, it would be beneficial to include more detailed information regarding one of the steps to ensure complete clarity and ease of understanding.
In order to complete the necessary fields, we first need to locate the Connector Queue, which is found in the AD PowerShell Managed System.
Locate the Connector Queue
- Locate the Provisioning tab in the main menu.
- Click on the Managed System section.
- In the list of managed systems, locate the AD PowerShell Managed System.
- In the action section next to it, click on Edit.
- Navigate to the Connector Queue tab.
We copied the existing input and pasted it into the queue section of the installation wizard.
Username: the default is openiam
Password: the default RabbitMQ password that is set in the installation file
Queue: the existing input from the Connector Queue tab
Test the Connection
After completing the necessary fields, click Test Connection.
If the connection fails
If the connection fails, check the following:
- Ensure the username and password are correct.
- Verify that port 5672 is not blocked by a firewall on any of the machines.
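The two checks above, plus the wrong-administrator-password case from the troubleshooting section, can be run from the Windows machine where the connector is installed before clicking Test Connection again. This is an added example, not code from the original article or from OpenIAM; the OpenIAM address is a placeholder taken from the article's example, port 5672 is the RabbitMQ port the article names, and the cmdlets used (Test-NetConnection, Get-NetFirewallPortFilter, Get-NetFirewallRule, Get-ADUser) ship with Windows and the RSAT ActiveDirectory module.

```powershell
# Added example (not part of the original article or OpenIAM's own code): pre-flight checks
# for the failure causes the article lists, run on the Windows machine where the AD PowerShell
# connector is installed (the Active Directory machine in this article).
# Assumptions: $openiamHost is a placeholder taken from the article's example; replace it.
$openiamHost = '192.168.1.139'   # OpenIAM server, where RabbitMQ listens
$rabbitPort  = 5672              # AMQP port used by the connector queue

# 1. Can this machine open a TCP connection to RabbitMQ on the OpenIAM server?
$tcp = Test-NetConnection -ComputerName $openiamHost -Port $rabbitPort -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) {
    Write-Host "OK: $openiamHost port $rabbitPort is reachable"
} else {
    Write-Warning "Cannot reach $openiamHost port $rabbitPort (a firewall in between, or RabbitMQ is not running on the OpenIAM server)"
}

# 2. Does the local Windows Firewall have an enabled rule that explicitly blocks that port?
$blocking = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.RemotePort -contains "$rabbitPort" -or $_.LocalPort -contains "$rabbitPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
if ($blocking) {
    Write-Warning "Local firewall rules blocking port ${rabbitPort}:"
    $blocking | Format-Table DisplayName, Direction, Profile -AutoSize
} else {
    Write-Host "OK: no enabled local firewall rule blocks port $rabbitPort"
}

# 3. Is the Active Directory administrator login entered in the managed system accepted by the
#    domain? (A wrong password here is the example the article gives for a red connector status.)
$cred = Get-Credential -Message 'Enter the Login ID (DOMAIN\username) and password from the managed system'
try {
    $samName = $cred.UserName.Split('\')[-1]   # strip the domain prefix to get the sAMAccountName
    Get-ADUser -Identity $samName -Credential $cred -ErrorAction Stop | Out-Null
    Write-Host "OK: Active Directory accepted the credentials for $($cred.UserName)"
} catch {
    Write-Warning "Active Directory rejected the credentials: $($_.Exception.Message)"
}
```

Check 1 failing while check 2 finds nothing points at a firewall on the OpenIAM side or in between, which is why the article says to check every machine; check 3 uses the same sAMAccountName attribute the managed system is configured to key on.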
When the connection is established successfully, proceed with the installation as described in the existing documentation.
After all these steps, you need to reset the connector in OpenIAM.
Reset the connector
- Navigate to the Provisioning tab.
- Select the Connectors tab.
- Locate the AD PowerShell Connector.
- Click on the Edit button associated with the AD PowerShell Connector.
- Click on the Save button.
Note: Saving will reset the connector.
After that, check the Running Connectors Status by locating the managed system dashboard.
Locate the managed system dashboard
- Locate the Provisioning tab in the main menu.
- Click on the Managed System section.
- In the list of managed systems, locate the AD PowerShell Managed System.
When everything is functioning correctly, you should see the Running Connectors Status displayed in green.
Congratulations on successfully configuring the Managed System in OpenIAM to establish a connection with Active Directory (AD).
3. Troubleshooting a managed system dashboard
3.1 Running Connectors Status: No active connectors found
It likely indicates an issue with the connection to the Active Directory, such as the Active Directory machine being turned off.
With these tips, you will be able to identify the issue and understand why it is not connecting.
3.2 Running Connectors Status: displayed in red
If the Running Connectors Status is displayed in red, you should troubleshoot it.
For example, you entered an incorrect Active Directory administrator password in the managed system.
You can also click on the error to view the detailed message explaining the problem.
3.3 Information About Running Connectors Status
Here is some of the information you can get from the Running Connectors Status.
IP address: Shows the IP address of the Active Directory we connected to.
Most recent date: Shows the most recent check date, which tells you whether the connector is still linked to Active Directory or not.