Active Directory integration

We will now configure the AD/LDAP authentication integration for UCS by integrating UCS Manager with the Microsoft Active Directory domain controller. On the AD side, create user groups that can be mapped to UCS roles, so that AD-authenticated users receive the corresponding privileges.

Perform the following procedure to enable Active Directory authentication:

  1. Log in to UCS Manager.
  2. Click on the Admin tab in the navigation pane.
  3. On the Admin tab, click on User Management to expand its content.
  4. Click on LDAP in the navigation pane and click on Create LDAP Provider in the work pane.
  5. In the pop-up window, provide the following AD configuration details:
    1. Provide a DNS hostname or IP of the domain controller.
    2. Type lowest-available in the Order field.
    3. In the Bind DN field, provide the distinguished name (DN) of a user with read and search permissions in the Active Directory. It is recommended to use a normal user or service account with read permissions only, not an administrator account, for the Bind DN.
    4. In the Base DN field, specify the location in the AD where the search should start. You may start from the root of the AD for smaller organizations. For a large AD implementation, it is recommended to start the search from the OU where the AD users/groups are located.
    5. Type 389 in Port and leave Enable SSL unchecked for regular communication without SSL, or check Enable SSL with the appropriate AD port.
    6. Type sAMAccountName=$userid into the Filter field.
    7. Leave the Attribute field blank.
  6. Type in a password for the bind user configured in sub-step 3 and reconfirm the password. Type in a Timeout value in seconds.
  7. Click on Next and configure Group Authorization by clicking on the Enable button.
  8. Leave the other two settings, Group Recursion and Target Attribute, with the default values.
  9. Click on Finish.
  10. Repeat the steps for the other domain controllers.
  11. Create an LDAP provider group adding all domain controllers in the provider group and perform the following steps:
    1. Click on LDAP in the navigation pane and click on Create LDAP Provider Group in the work pane.
    2. In the pop-up window, assign a Name for the LDAP Provider Group.
    3. Select domain controllers in the left-hand side pane and click on >> to add them to the group.
  12. Create an LDAP group map for mapping AD users/groups to UCS local roles in order to provide access privileges. Perform the following steps to do so:
    1. Click on LDAP in the navigation pane and click on Create LDAP Group Map in the work pane.
    2. In the pop-up window, type in the LDAP Group DN of the AD user group to be mapped to a local role.
    3. Select the local UCS role from the Roles field.
    4. Repeat the same procedure for adding all the roles.
  13. The next screenshot shows an example of some LDAP groups mapped to UCS roles. You can create different LDAP groups and map them to UCS local roles as per your environment.
  14. The last step for the Active Directory configuration is to define the authentication domain for UCS Manager:
    1. Expand Authentication in User Management and right-click on Authentication Domains to create a new domain.
    2. In the pop-up window, assign a Name to the domain.
    3. In the Realm field, select the Ldap radio button.
    4. Select a value for Provider Group from the drop-down menu and click OK.
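
The recommendations in the procedure above (read-only bind account, scoped Base DN, SSL, the $userid filter, identical settings on every domain controller) can be checked before the values are typed into UCS Manager. The following is an added example, not code from the book or from Cisco; the dictionary keys, host names and DNs are constructed for illustration and are not a UCS Manager API.

```python
import re

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and whitespace."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def audit_provider(p):
    """Findings for one LDAP provider (keys are this example's own names)."""
    out = []
    if not p["enable_ssl"]:
        out.append("cleartext: Enable SSL is unchecked, so LDAP traffic "
                   "(including the bind password) is not encrypted")
    if rdns(p["bind_dn"])[0] == "cn=administrator":
        out.append("bind-dn: administrator account; use a read-only service account")
    if all(r.startswith("dc=") for r in rdns(p["base_dn"])):
        out.append("base-dn: search starts at the AD root; scope to an OU in a large AD")
    if "$userid" not in p["filter"]:
        out.append("filter: $userid placeholder missing")
    elif "*" in p["filter"]:
        out.append("filter: wildcard can match more than one account")
    return out

def audit_group(providers):
    """Per-host findings plus a drift check across the provider group."""
    report = {p["host"]: audit_provider(p) for p in providers}
    for key in ("enable_ssl", "bind_dn", "base_dn", "filter"):
        if len({str(p[key]).lower() for p in providers}) > 1:
            report.setdefault("_group", []).append(
                f"drift: {key} differs between domain controllers")
    return report

# Constructed sample: two providers intended for one provider group.
SAMPLE = [
    {"host": "dc1.example.local", "enable_ssl": False,
     "bind_dn": "CN=Administrator,CN=Users,DC=example,DC=local",
     "base_dn": "DC=example,DC=local",
     "filter": "sAMAccountName=$userid"},
    {"host": "dc2.example.local", "enable_ssl": True,
     "bind_dn": "CN=svc-ucs-bind,OU=Service Accounts,DC=example,DC=local",
     "base_dn": "OU=UCS,DC=example,DC=local",
     "filter": "sAMAccountName=$userid"},
]

if __name__ == "__main__":
    for host, findings in audit_group(SAMPLE).items():
        for finding in findings:
            print(f"{host}: {finding}")
```

The drift check matters because the provider group tries domain controllers in order: one provider left without SSL or bound with an administrator account weakens the whole group even when the others are configured correctly.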