Using the ObjectScale Portal user interface, you can add multiple external authentication providers.
Prerequisites
You must know the connection information for the provider.
The external provider must be running and available on the network. ObjectScale attempts to connect to the provider using the information that you provide. If the connection is unsuccessful, you cannot create the provider.
You must know the path names of folders on the provider where the users and groups that need access to ObjectScale are defined.
You must be a Management User with the Admin or Security Admin role.
Steps
From the ObjectScale Portal user interface, click Administration > Security Settings.
Click Authentication Providers.
The screen lists all configured external providers.
Click New Authentication Provider.
Complete the General screen.
Directory Type
LDAP or AD.
Description
Optional description of this provider.
Domain Name
Domain name of the authentication server. The value must be alphanumeric characters.
For example: myserver.example.com.
NOTE: An IP address such as 10.10.10.1 is not valid in this field.
Base Distinguished Name
The starting point for searches on the server. Provide the components in comma-separated format without spaces. For example:
dc=myserver,dc=example,dc=com
Server Addresses
One or more IP addresses for connecting to the provider. For example, 10.10.10.1.
Server Port
The port on the provider that receives authentication requests.
If secure is true, then it defaults to port 636. If not provided, it defaults to 389.
Authentication Type
This field is preconfigured. ObjectScale supports only username and password authentication.
Bind User
The distinguished name for the user account to use when connecting to the provider. This user account must have permission to access the users and groups that you intend to add to ObjectScale. For example:
Specify whether to enable communication when this provider is successfully created in ObjectScale. The option is set to No by default.
Secure
Specify whether SSL communication is required to connect to the provider. The option is set to Yes by default.
CA Certificate
Required if Secure is set to Yes. Provide the contents of the .pem file that holds the certificate for SSL connection to the provider. You can either:
Paste the contents of the .pem file into the text box.
Click Select to browse to the .pem file on your system. ObjectScale copies the contents of the file and pastes it into the text box.
Network Timeout (sec)
Optional but recommended. Specify how long, in seconds, ObjectScale waits for a connection to the authentication provider.
Search Timeout (sec)
Optional but recommended. Specify how long, in seconds, ObjectScale waits for the authentication provider to respond to a request.
Click Next.
Complete the Users screen.
User Search Path
The distinguished name that describes the folder on the external provider that contains the users who need ObjectScale access. For example:
CN=users,dc=myserver,dc=example,dc=com
User Name Attribute
The attribute name used in the external provider for username values. For example:
sAMAccountName
User Object Class
The object class name used by the external provider for users. For example:
user
User Inherited Groups Level
Optional. Levels of parent groups that are associated with users. For example, 2 would indicate two levels in the group hierarchy.
Click Next.
Complete the Groups screen.
Group Search Path
The distinguished name that describes the folder on the external provider that contains the groups whose members need ObjectScale access. For example:
CN=users,dc=myserver,dc=example,dc=com
Group Name Attribute
The attribute name used in the external provider for group name values. For example:
cn.
Groups Attribute
Optional. The attribute name that contains the groups for a user on the AD or LDAP user entry. For example:
memberOf
Group Object Class
The object class name used by the external provider for groups. For example:
group.
Click Next.
Review the information and then click Save.
ObjectScale verifies the contents of all fields. If values are rejected, error messages appear on the screen. ObjectScale attempts to connect to the authentication server using the connection information that you provided. If the connection is not successful, ObjectScale displays an appropriate error message on the Portal screen. You must correct all errors before you can save the new provider.
To correct errors:
Click Back to return to the appropriate screen.
Make corrections.
Click Next to return to the last screen.
Click Save.
Results
A success message appears when the provider is created.
Next steps
Continue to Map ObjectScale roles to external users to assign ObjectScale permissions to users and groups that are defined in the external provider. Without role mappings, external users in the configured User and Group Search Path fields can log in but they are immediately logged out. In that case, the ObjectScale Portal displays a message stating that the user has no ObjectScale permissions.
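A pre-flight check of the General screen values, applying the field rules stated in the steps above before they are entered in the Portal. This is an added example, not Dell code: the dictionary keys and the preflight function are hypothetical names, and the sample values are constructed from this page's examples. It assumes the Server Port rule means 636 when Secure is Yes and 389 otherwise.

```python
import ipaddress
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def preflight(cfg):
    """Check provider values (hypothetical dict keys) against this page's rules.
    Returns (effective_port, errors, warnings)."""
    errors, warnings = [], []
    secure = cfg.get("secure", True)  # Secure is set to Yes by default
    port = cfg.get("server_port") or (636 if secure else 389)
    if is_ip(cfg.get("domain_name", "")):
        errors.append("Domain Name: an IP address is not valid in this field")
    rdns = cfg.get("base_dn", "").split(",")
    if not all(re.fullmatch(r"[A-Za-z]+=[^,=\s]+", r) for r in rdns):
        errors.append("Base Distinguished Name: comma-separated components, no spaces")
    addrs = cfg.get("server_addresses", [])
    if not addrs or not all(is_ip(a) for a in addrs):
        errors.append("Server Addresses: one or more IP addresses required")
    if secure:
        if not PEM_CERT.search(cfg.get("ca_certificate", "")):
            errors.append("CA Certificate: PEM contents required when Secure is Yes")
    else:
        warnings.append("Secure is No: bind and user passwords are not protected by SSL")
    for key in ("network_timeout", "search_timeout"):
        if not cfg.get(key):
            warnings.append(f"{key}: optional but recommended")
    return port, errors, warnings

# Constructed sample values, reusing the examples shown on this page.
SAMPLE = {
    "domain_name": "10.10.10.1",                   # wrong on purpose: an IP address
    "base_dn": "dc=myserver, dc=example,dc=com",   # wrong on purpose: space after comma
    "server_addresses": ["10.10.10.1"],
    "secure": True,
    "ca_certificate": "",                          # missing although Secure is Yes
    "network_timeout": 10,
}

if __name__ == "__main__":
    port, errors, warnings = preflight(SAMPLE)
    print("port:", port)
    for line in errors + warnings:
        print("-", line)
```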