I’ve had a lot of questions from people about integrating IBM Flex System CMM with Active Directory or LDAP authentication, because let’s face it – IBM documentation is not the best in the industry and this part is kinda missing there :/
For those of you who worked with IBM BladeCenter AMM before, it might be easy, as the configuration is basically the same and, most importantly, documentation for it actually exists – to some extent.
You can check it out here: Configuring LDAP in BladeCenter AMM / Flex CMM
If you don’t want to spend time reading the manual, here is a simplified version:
Note: I configured IP and DNS information in advance.
- Log in to the CMM console.
- Go to Mgt Module Management > Network > LDAP Client.
- Specify the following settings (the rest are optional, mostly used to tweak search performance and improve security):
Now we have to pair roles in CMM with Active Directory groups.
Go to Mgt Module Management > User Accounts > Group Profiles > Add a Group.
Note: Group ID or Group Profile Name is actually the group name in Active Directory.
The last step is to specify the order of authentication. Go to Mgt Module Management > User Accounts > Accounts > Global Login Settings > General. Select one of the User authentication methods that includes External server. I suggest always keeping Local as a backup…
You are done!
Log out of CMM and try to log in with your domain credentials.


Thanks so much for this; saved a headache.
I can imagine… glad it helped 😉
Thank you, you’re a star.
Dusan, thanks for your work, but I have one question. What if I have a forest and would like to grant access to users not only from the root but also from sub domains?
Found it out myself – just select “LDAP Servers” – “Use Pre-configured servers”. Add servers by domain name, for example:
root.local 3268
sub1.root.local 3268
sub2.root.local 3268
Create a group in the root domain (security – domain local group). Add users from the subdomains to the group.
PS: of course you need the correct DNS servers set up.
Thanks for your example Dmitriy!
Unfortunately I don’t have an environment to test it right now, but here is what I think could also work:
If you want to have access from multiple domains – create a security group in the root domain as you suggested and
Use DNS to find LDAP Servers
Active Directory Forest Name: domain.local
Domain Name: domain.local
Another option:
Create a group in a sub-domain (just to manage it in the correct place – like infra.domain.local) – you should be able to add members from the other domains as well
Use DNS to find LDAP Servers
Active Directory Forest Name: domain.local
Domain Name: infra.domain.local