Setting up LDAP authentication for ElastiStor

You can use an external LDAP server such as Microsoft Active Directory to authenticate ElastiCenter users.To do this, map the ElastiCenter administrator types with the groups created in the directory service, for example Active Directory Server groups using CloudByte ElastiStor global settings.

The following illustration explains how the authentication works:

LDAP

Setting up LDAP authentication involves procedures on both ElastiCenter and the Active Directory Server

On Active Directory Sever

Create Active Directory user
  1. On your Active Directory Server, select Server Manager (Start > Administrative Tools).
  2. In the Server Manager, click Tools.
  3. In the right pane, click Active Directory Users and Groups.
  4. In the Active Directory Users and Groups wizard, right-click your Domain name.
  5. Select New and then select User.
  6. 2NewUser

  7. In the User page, specify the relevant information of the user and then click Next.
  8. In the following page, specify and confirm password for the user.
  9. Click Finish.
Create Active Directory Group

Note: Create an individual group for each administrator type in ElastiCenter. For details, see http://www.docs.cloudbyte.com/delegated-administration/

  1. On your Active Directory Server, select Server Manager (Start > Administrative Tools).
  2. In the Server Manager, click Tools.
  3. In the right pane, click Active Directory Users and Groups.
  4. In the Active Directory Users and Groups wizard, right-click your Domain name.
  5. Select New and then select Group.
  6. Specify a name for the group to be created.
  7. Click OK.
Adding Users to the Groups

Add users to the group that you want to map with the users in the various administrator type groups in ElastiCenter.

  1. On your Active Directory Server, select Server Manager (Start > Administrative Tools).
  2. In the Server Manager, click Tools.
  3. In the right pane, click Active Directory Users and Groups.
  4. In the Active Directory Users and Groups wizard, click your Domain name.
  5. From the list of Groups and users, right-click the User you want to add to the Group.
  6. Click Add to a Group.
  7. 3Group

  8. In the dialog box, specify the name of the Group to which you want to add the user.
  9. At the prompt, click OK.

On ElastiCenter

  1. In the admin section of ElastiCenter, click LDAP Configuration.

    LDAP_conf_1
  2. In the Actions pane, click configure LDAP.

    LDAP_conf_2
  3. In the Configure LDAP page, specify the configuration details:

    LDAP_conf_specify_details
  4. Option Description
    Host Name The fully qualified domain name or the IP address of the LDAP Server. For example, my.ladap.com or 10.10.10.10
    Port The port on which the LDAP Server is listening. The default port is 389.
    Bind DN The distinguished name of the user on the LDAP Server. For example, test\Administrator.
    Bind Password Password for the name specified in the Bind DN field.
    Search Base Distinguished name of the Directory tree level, where the query should start the search. For example, CN=Users,DC=CBQA,DC=com.
    1. Click OK.
    Set Group names for administrators on ElastiCenter
    1. In the admin section of ElastiCenter, click Global Settings.

      LDAP_conf_global_settings
    2. In the Global Settings page, search for LDAP.
    3. To define the user roles, click Edit and then specify the Group name for the administrators.
    4. Repeat step 3 for all types of administrators on ElastiCenter.
    Log in to ElastiCenter using the LDAP user credentials

    Once you have configured LDAP authentication for CloudByte ElastiStor, you must add users to the administrator roles in ElastiStor. For details of administrator types, see http://www.docs.cloudbyte.com/delegated-administration/.

    1. Launch ElastiCenter using the URL in the following format: https://ElastiCenter_Management_IP_Address.
    2. Specify the following login credentials of an AD user: username and password.
      welcome_cloudbyte_elasticenter_login_page1
    3. Note: You can view the login credentials using the User Properties page (User > Properties > Account) as shown in the following screen:

      account_details

    4. Re-log in to ElastiCenter as super administrator.
    5. As a super administrator, map the administrator roles to the newly added users.
      1. In ElastiCenter, select the Account to which the user belongs to.
      2. In the Actions pane, select Manage Administrator.
      3. Select Assign Administrator.

      Note: If you want to map the administrator roles for Site-Admin or the View-Admin, follow the procedures in the section Create Site administrators or view administrators