The user management system in RealOpInsight Ultimate is designed to help administrators and operations managers meeting delegating management requirements.
A user is defined by a user name and a password. Each user has a role that determines the functionalities he may access within the system. In complement to user roles, RealOpInsight enables a flexible permission system that allows to control the access to any monitoring data in accordance with delegating management.
RealOpInsight Ultimate comes with an initial admin user, but you can add other users in the system as follows:
Add userfrom the User Management menu section.
Submitto validate the creation. Input fields require validation, so you may be invited to fix invalid input.
As administrator user, you can update user information and even reset his password. Here are steps to do that:
Update. If you’d rather want to reset the user password, click on the button
Updateto apply them, a confirmation message will inform you about the completion status.
Here are steps to delete a user:
Deleteto request the deletion.
As of version 2014b3, RealOpInsight Ultimate can authenticate users against an LDAP directory.
Designed in the same spirit as the overall RealOpInsight system, the support to LDAP
has been designed to be flexible to make its use as straightforward as possible.
The only important think to consider is that the LDAP support is mutually exclusive with the default
built-in authentication system. Hence the both authentication systems can not be used in conjunction.
However, when using LDAP, the built-in
(see default credentials)
is still active and works as unique administrator account for the overall system.
All LDAP-based users are therefore considered as operators.
When LDAP authentication is enabled, users created via the built-in system are always
available in RealOpInsight but cannot authenticate successfully. You can still get
access and modify their user information via the menu
All users, which also lists
LDAP-based users. Conversely, LDAP user information cannot be updated or deleted via
RealOpInsight. Further, when LDAP authentication is disabled, all related users are
removed from the RealOpInsight authentication system.
LDAP integration assumes that you already have a working LDAP-compatible directory within your organization. The functionality has been tested with versions 2 and 3 of the protocol.
Additionally, you need to enable read access to the user base of your directory to RealOpInsight Authentication System. To ease this integration, the Authentication Manager provides a setting form for this purpose (see screenshot).
Setting up the LDAP integration involves the following steps:
Sign in to RealOpInsight as
Select the menu
Auth Settings to display the LDAP settings form.
In the setting form, select
LDAP as authentication mode.
URI to the LDAP server. This must be in the form of
ldaps://server:port (LDAP over SSL), the latter be preferred for security reasons.
LDAP Search Base to where LDAP users will be found from the LDAP directory tree.
Set the Distinguish Name (dn) and the password of the
LDAP bind user, i.e. the account
that should be used to authenticate against the LDAP server to retrieve user information.
Those parameters are notably required for LDAP servers that do not accept anonymous access.
LDAP attribute to use as identifier for users. If empty, the attribute
will be considered. You may use
CAUTION: If you set an attribute that does not identify uniquely users, RealOpInsight will deny the access if there are two or more users having a same value for that attribute.
Once the access to your directory user search is enabled for RealOpInsight Authentication System, you finally need to enable users that authenticate against RealOpInsight. The RealOpInsight User Management System provides a checkbox-based selection list (see the screenshot below) to deal with that. You can enable and disable an LDAP user on-the-fly. allow you to enable and disable users in one click.
Below are steps to deal with that:
LDAP usersto display the LDAP user handling form.
personclass in the directory) from the directory search base set previously.