3.0 Discovering Devices in LDAP Directories

You can search an LDAP directory for devices to add to your ZENworks database. The directory can be one that is already defined as a user source in your Management Zone, or it can be a new directory.

You can recursively search for device in all the directories from the root context. Or, you can limit the search by specifying one or more contexts to search. Device objects that are found are queried for well-known attributes (dnsHostName, OperatingSystem, wmNameDNS, wmNameOS, and so forth) to attempt to determine the OS version and DNS name of the device.

Before performing an LDAP discovery, make sure the following prerequisites are satisfied:

An LDAP search requires the ZENworks Server to provide credentials that give read access to the contexts being searched. When accessing Novell eDirectory, the account also requires read rights to the WM:NAME DNS attributes on the workstation and server objects.
An LDAP search of Active Directory requires the ZENworks Server to use a DNS server to resolve the device’s DNS name (as recorded on the object’s DNS name attribute in Active Directory) to its IP address. Otherwise, the device is not added as a discovered device.

You use the Create New Discovery Task Wizard to create and schedule an LDAP discovery task:

In ZENworks Control Center, click the Deployment tab.
In the Discovery Task panel, click New to launch the New Discovery Task Wizard.

Complete the wizard by using information from the following table to fill in the fields.

Wizard Page	Details
Select Discovery Type page	Select LDAP Discovery Task. Specify a name for the task. The name cannot include any of the following invalid characters: / \ * ? : " ' < > \| ` % ~
Enter LDAP Settings page > Search pre-configured LDAP source field	The Enter LDAP Settings page lets you identify the LDAP directory and contexts where you want to perform the discovery task. A preconfigured LDAP source is one that has already been defined as a user source in your Management Zone. If you want to select a new source, see Enter LDAP Settings page > Specify an LDAP Source field. To use a preconfigured source: Select Search pre-configured LDAP source, then select the desired source. If you don’t want to search the entire LDAP directory, you can identify specific search contexts/groups. To do so: In the LDAP Search Contexts/Groups panel, click Add to display the Enter Context or Group Information dialog box. Fill in the following fields: Context/Group DN: Click Browse to locate and select the context/group you want to search. Recursive Search: Select this option to search all subcontexts/subgroups. Click OK to save the search context/group. If necessary, modify the LDAP search filter. By default, the filter searches for the computer objectClass or server objectClass. When modifying the filter, you can use the standard filter syntax for your LDAP directory.
Enter LDAP Settings page > Specify an LDAP Source field	You can create a new connection to a LDAP directory in order to discover devices in the directory. If you want to use an existing connection, see Enter LDAP Settings page > Search pre-configured LDAP source field above. To create a new connection to an LDAP directory: Select Specify an LDAP source, then fill in the following fields: LDAP Server: Specify the IP address or DNS hostname of the server where the LDAP directory resides. LDAP Port/Use SSL: The default is standard SSL port (636) or non-SSL port (389), depending on whether the Use SSL option is enabled or disabled. If your LDAP server is listening on a different port, select that port number. Root Context: Establishes the entry point in the directory; nothing located above the entry point is available for searching. Specifying a root context is optional. If you don’t specify a root context, the directory’s root container becomes the entry point. Save Credentials to Datastore: Unless you save the credentials (defined in the Credentials list), they are stored only in memory. Saved credentials are encrypted in the database for increased security. Credentials are cleared from memory when the ZENworks Server is restarted. If you want to permanently retain the credentials, you should save them. Credentials: Click Add to specify a username and password that provides read-only access to the directory. The user can have more than read-only access, but read-only access is all that is required and recommended. When accessing Novell eDirectory, the user account also requires read rights to the WM:NAME DNS attributes on the workstation and server objects. For Novell eDirectory access, use standard LDAP notation. For example, cn=admin_read_only,ou=users,o=mycompany For Microsoft Active Directory, use standard domain notation. For example, AdminReadOnly@mycompany.com If you don’t want to search the entire LDAP directory, you can identify specific search contexts/groups. To do so: In the LDAP Search Contexts/Groups panel, click Add to display the Enter Context or Group Information dialog box. Fill in the following fields: Context/Group DN: Click Browse to locate and select the context/group you want to search. Recursive Search: Select this option to search all subcontexts/subgroups. Click OK to save the search context/group. If necessary, modify the LDAP search filter. By default, the filter searches for the computer objectClass or server objectClass.
Discovery Settings page	LDAP discovery retrieves the hostname, operating system type and version, and IP address of a discovered device from the LDAP source. Based on the selected discovery technologies, you can obtain the following additional information on a device: ZENworks Management Status Operating System Suites MAC Address Network Adapters CPU Memory and Disk Space To obtain additional information on a device: Select the Use the IP discovery technologies to gather more information option. Select Override Zone Discovery Settings, then select the discovery technologies. In the Credentials panel, add the credential information. For more information on how to add the credential information, click the Help button.
Set the Discovery Schedule page	Choose whether you want the task to run as soon as it is created (the Now option) or if you want to schedule the task to run at a future date and time. If you select Scheduled, choose one of the following schedules: No Schedule: Indicates that no schedule has been set. The task does not run until a schedule is set or it is manually launched. This is useful if you want to create the task and come back to it later to establish the schedule or run it manually. Date Specific: Specifies one or more dates on which to run the task. Recurring: Identifies specific days each week, month, or a fixed interval on which to run the task. For more information about the schedules, click the Help button.
Select Primary Server page	Select the ZENworks Server that you want to perform the deployment task.
Select Windows Proxy page > Override Zone Windows Proxy Settings field	Select this option if you want to override the Windows Proxy settings configured at the Management Zone in order to modify the settings of a task. A Windows Proxy is primarily used for Linux Primary Servers that cannot perform Windows-specific discovery tasks. However, you can also use a Windows Proxy for Windows Servers if you want to discover devices in a different subnet than the Primary Server. In order to protect information, such as a discovery credential, that is passed between the ZENworks Server and the Windows Proxy, the connection between the ZENworks Server and the Windows Proxy is secured through SSL.
Select Windows Proxy page > Use Windows Proxy for Windows Primary Server field	Select this option if you want to use a Windows Proxy instead of the Windows Primary Server to perform the discovery tasks. Discovery through WMI, WinAPI and SNMP requires certain ports to be reachable on the target devices, so the Primary Server can send Remote Registry, WMI, or SNMP requests to the target devices. Ports are opened by adding them as an exception in the Windows Firewall configuration settings. By default, the scope of the exception applies only to the local subnet. If the target device is in a different subnet than the Primary Server from which the discovery is run, you need to add the IP address of the Primary Server as an exception. However, if you use a Windows Proxy in the same subnet as a target device, you do not need to change the scope of the Windows Firewall exception. Windows Proxy: Select the managed Windows device (server or workstation) on which you want to perform discovery tasks on behalf of Linux Primary Servers or Windows Servers. Windows Proxy Timeout: Specify the number of seconds you want the ZENworks Server to wait for a response from the Windows Proxy. Any responses received after the specified timeout period are discarded.

When you finish the wizard, the discovery task is added to the list in the Discovery Tasks panel. You can use the panel to monitor the status of the task. As devices are discovered, they are listed in the Deployable Devices panel.