
Converting from Active Directory to VMware Identity Manager in vRealize Log Insight (2148976)

Purpose

Direct connectivity from VMware vRealize Log Insight to Active Directory servers is deprecated starting in Log Insight 4.5, and will not be supported moving forward. Log Insight supports integration with VMware Identity Manager (VIDM), which provides single sign-on for multiple identity sources, including Active Directory. It is recommended to migrate user accounts to VMware Identity Manager.

Each user account in Log Insight has a unique identity associated with their saved fields, dashboards, alerts and other saved content. If two identity providers are present and a person authenticates with both, they may have two independent sets of saved content.

This article provides steps to convert existing Log Insight users' identity source from Active Directory to VMware Identity Manager.

Resolution

To convert Active Directory users to VMware Identity Manager users in vRealize Log Insight:

Prerequisites

Procedure

  1. Open a console or SSH session to one of the vRealize Log Insight cluster members and authenticate as root.

  2. Run the command:

    /opt/vmware/bin/li-convert-ad2vidm.sh

    The output contains a list of vRealize Log Insight Roles.

  3. Identify one of the roles to be converted. The selected role will apply to all users belonging to Active Directory groups which have been granted access to the vRealize Log Insight cluster.

    The output contains a table with these headings:

    • id - The identifier for the Role.
    • directory_groups - The Active Directory groups currently assigned the Role.
    • name - The friendly name associated with the Role that you see in the UI.
    • capabilities - The capabilities for the Role.

  4. Run the command again, specifying one of the role ids from step 3:

    /opt/vmware/bin/li-convert-ad2vidm.sh id

    For example, to assign the Users role to all AD users:

    /opt/vmware/bin/li-convert-ad2vidm.sh 00000000-0000-0000-0000-000000000002

    The output will describe the outcome of the conversion. Duplicate users may need to be handled manually.

  5. Repeat steps 3 and 4 for each role to be converted.

Impact/Risks

This migration solution is limited to altering 500,000 vRealize Log Insight users. For larger scale, please contact VMware Support.

Additional Information

For more information about VMware Identity Manager and Log Insight, see https://blogs.vmware.com/management/2017/06/vidm-log-insight.html published 2017-06-20.
