Configuring Active Directory or an LDAP server for user authentication

IBM® QRadar® Network Packet Capture integrates into your security infrastructure by using your existing authentication provider. Use the AUTHENTICATION AND AUTHORIZATION widget to configure Active Directory and LDAP. QRadar Network Packet Capture supports full user authentication as specified by Microsoft® Active Directory services or an LDAP server. Microsoft® Active Directory and LDAP servers are disabled as authentication sources by default.

Before you begin

Log in to the QRadar Network Packet Capture appliance as an administrator.

Procedure

  1. In QRadar Network Packet Capture, click the ADMIN tab, and go to the AUTHENTICATION AND AUTHORIZATION widget.
  2. Select the appropriate Server Type, and click Apply.
    The parameters that you configure depend on the authentication server type.
    Note: If the primary authentication and authorization server is inaccessible when a user requests authentication, a service record (SRV) lookup is performed against the DNS name. The list of resolved SRV IP addresses is used as secondary authentication servers.
    Important: If Active Directory is enabled, the user name must be a fully qualified domain name, for example, \\[domain]\[user name] or [user name]@[domain].

    Use the following table to choose and configure the correct Server Type.

    | Parameter | Server Type | Description | Default |
    |---|---|---|---|
    | Protocol for communicating with the Active Directory or LDAP server | All | Protocol and encryption method. Possible values: LDAP, LDAP + TLS, LDAP + SSL | LDAP |
    | Host name or IP address of the Active Directory or LDAP server | All | | N/A |
    | Port number to connect to on the Active Directory or LDAP server | All | | 389 |
    | Timeout in seconds of the connection to the Active Directory or LDAP server | All | | 25 seconds |
    | Base Domain Name | All | The distinguished name at which the query starts. | N/A |
    | Administrator level group | All | Name of the group that is used to identify the admin level privileges | N/A |
    | Operator level group | All | Name of the group that is used to identify the operator level privileges | N/A |
    | Monitor level group | All | Name of the group that is used to identify the monitor level privileges | N/A |
    | Filter | LDAP | The condition that the entries must meet | N/A |
    | Scope of the filter | LDAP | Possible values: Base, One Level, Subtree | Subtree |
    | Attribute name used for assigning groups to users | LDAP | Name of the returned object's attribute that contains group names | |
    | LDAP userbase used when binding to LDAP server | LDAP | Specify authentication information to allow users to log in with a short user name. For example, you can specify cn={},dc=company,dc=com where {} denotes the user name (for example, admin), and company.com is your domain. Another example might be uid={},ou=people,dc=company,dc=com. When this USERBASE field is set, a user can log on using their short user name (for example, admin) without needing to specify a fully qualified domain name. | |
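
The following added example (not IBM code, and not a description of how the appliance is implemented) shows how a USERBASE template maps a short user name to the distinguished name used for the LDAP bind. The function names are hypothetical, the single-placeholder rule is an assumption, and the RFC 4514 escaping shows why a name that contains a comma must be escaped so that it stays one component of the DN.

```python
"""Added illustration (not IBM code): expand a USERBASE template into a bind DN."""

# Characters escaped with a backslash inside a DN attribute value (RFC 4514).
DN_SPECIALS = ',+"\\<>;='


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as one attribute value inside a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(userbase: str, short_name: str) -> str:
    """Substitute the short user name for {} (assumed: exactly one placeholder)."""
    if userbase.count("{}") != 1:
        raise ValueError("USERBASE needs exactly one {} placeholder")
    if not short_name:
        raise ValueError("empty user name")
    return userbase.replace("{}", escape_rdn_value(short_name))


def split_rdns(dn: str) -> list:
    """Split a DN on commas that are not backslash-escaped."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    parts.append(current)
    return parts


if __name__ == "__main__":
    for template in ("cn={},dc=company,dc=com", "uid={},ou=people,dc=company,dc=com"):
        for name in ("admin", "Smith, John"):  # constructed sample names
            dn = bind_dn(template, name)
            print(f"{name!r:15} -> {dn}  ({len(split_rdns(dn))} RDNs)")
```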