- Notes, cautions, and warnings
- Revision history
- About using this guide
- Overview
- Getting Started with ObjectScale
- IAM accounts and account entities
- Introduction to Identity and Access Management
- Accounts
- New Accounts
- View the summary of an account
- Edit Account
- Enable or Disable an Account
- Delete an account
- Users
- Groups
- Roles
- Policies
- Create a new customer-managed policy
- Edit a customer-managed policy
- Delete a customer-managed policy
- Attach a policy to an account entity
- Detach a policy from an account entity
- Attach a permission boundary to an account entity
- Detach a permission boundary from an account entity
- Actions in IAM Policy
- Principal types in IAM Policies
- Identity Provider
- Root Access Keys
- Notification Destinations
- Object stores
- About ObjectScale object stores
- Creating a new object store
- Edit the settings of an object store
- Delete an object store
- View the Summary of an object store
- View the Dashboard of an Object Store
- Understand object store space reclamation
- Set capacity alerts for an object store
- Add additional accounts to an object store
- Edit an account values for an object store
- Remove an account from an object store
- View the certificates for an object store
- Monitor and manage replication for an object store
- View the health of an object store
- Metrics
- Buckets
- About ObjectScale buckets
- Create a bucket
- Edit a bucket
- View the summary of a bucket
- Delete a bucket
- Configure Bucket Logging
- About bucket policies
- Setting up bucket event notifications
- View the Bucket Summary
- Managing Bucket Replication
- Federate ObjectScale Systems
- ObjectScale Replication
- Platform settings
- Management Users and Roles in ObjectScale
- Authentication Providers in ObjectScale Software Bundle
- ObjectScale Administration
- About the Administration section of the ObjectScale Portal
- Installing and maintaining the health of ObjectScale
- Licensing ObjectScale
- System support
- SAML Service Provider Metadata
- Manage ObjectScale Certificates
- Security settings
- Active sessions
- ObjectScale Upgrades
- ObjectScale 1.3 upgrade considerations
- Upgrade ObjectScale on OpenShift
- Upgrade Considerations for OpenShift Container Platform from 4.12 to 4.13
- Prerequisites for OpenShift Container Platform Upgrade from 4.12 to 4.13
- Upgrade Procedure for OpenShift Container Platform from 4.12 to 4.13
- Upgrade ObjectScale on Software Bundle
- Upgrade ObjectScale on Appliance
- Troubleshooting Object store upgrade status in progress after failed node repair
- ObjectScale Management REST API
- Accessing data with IAM and S3
- ObjectScale IAM overview
- Amazon S3 API support in ObjectScale
- Alerts
- About ObjectScale instance event and issue monitoring
- Monitoring Events, Audits, and Alerts
- CSI-01
- CSI-03
- CSI-05
- DECKS-HC-1000
- DECKS-LIC-1002
- DECKS-LIC-1005
- DECKS-LIC-1006
- DECKS-LIC-1008
- DECKS-LIC-1011
- DECKS-SA-1023
- DECKS-SA-1024
- KAHM-HC-1000
- OBJSC-CO-0000
- OBJSC-CO-0001
- OBJSC-CO-0002
- OBJSC-CO-0003
- OBJSC-CO-0004
- NVMF-1389
- NVMF-1390
- NVMF-1393
- NVMF-1395
- NVMF-1396
- OBJPRECHK-2000
- OBJPRECHK-2001
- OBJPRECHK-2002
- OBJPRECHK-2003
- OBJPRECHK-2004
- OBJPRECHK-2005
- OBJPRECHK-2006
- OBJPRECHK-2007
- OBJPRECHK-2008
- OBJPRECHK-2009
- OBJPRECHK-2010
- OBJPSTCHK-3000
- OBJPSTCHK-3001
- OBJPSTCHK-3002
- OBJPSTCHK-3003
- OBJSC-FED-1001
- OBJSC-IAM-1004
- OBJSC-LIC-0004
- OBJSC-MGR-3000
- OBJSC-MGR-HC-1000
- OBJSC-MON-1111
- OBJSC-MON-1112
- OBJSC-MON-1113
- OBJSC-MON-3002
- OBJSC-MON-3003
- OBJSC-MON-4019
- OBJSC-MON-4020
- OBJSC-MON-4021
- OBJSC-MON-4022
- OBJSC-MON-4025
- OBJSC-MON-4028
- OBJSC-SP-0000
- OBJSC-SP-0001
- OBJSC-SP-0002
- OBJSC-SP-0003
- OBJSC-SP-0004
- OBJSC-TARGET-01
- OBJSOP-1000
- OBJSOP-1001
- OBJSOP-1002
- OBJSOP-1003
- OBJSOP-1004
- OBJSOP-1005
- OBJSOP-1006
- OBJSOP-2001
- OBJSOP-2002
- OBJST-1006
- OBJST-1008
- OBJST-12001
- OBJST-12003
- OBJST-12004
- OBJST-12005
- OBJST-12006
- OBJST-12007
- OBJST-12008
- OBJST-12010
- OBJST-12011
- OBJST-13000
- OBJST-13001
- OBJST-13002
- OBJST-13003
- OBJST-13004
- OBJST-13005
- OBJST-13006
- OBJST-13007
- OBJST-13008
- OBJST-13009
- OBJST-13010
- OBJST-13011
- OBJSTEPUPD-4000
- OBJSTEPUPD-4001
- OBJSTEPUPD-4002
- OBJSTEPUPD-4003
- OBJSTEPUPD-4004
- OBJSTEPUPD-4005
- OBJSTEPUPD–4006
- OBJSTEPUPD–4007
- OBJSTEPUPD–4008
- OBJST-1320
- OBJST-1321
- OBJST-1324
- OBJST-1325
- OBJST-1328
- OBJST-1329
- OBJST-1332
- OBJST-1333
- OBJST-1336
- OBJST-1337
- OBJST-1340
- OBJST-1341
- OBJST-1344
- OBJST-1345
- OBJST-1352
- OBJST-1354
- OBJST-1364
- OBJST-1365
- OBJST-1366
- OBJST-1389
- OBJST-1390
- OBJST-1392
- OBJST-1600
- OBJST-1601
- OBJST-1602
- OBJST-1603
- OBJST-1604
- OBJST-1605
- OBJST-1700
- OBJST-1701
- OBJST-2100
- OBJST-2101
- OBJST-MON-4016
- OBJST-MON-4019
- OBJST-MON-4020
- OBJSTORE-HC-1000
- OBJUPD-1000
- SNMPNOTI-1000
- TEST TRAP
- Metrics for ObjectScale and object stores
- Maintain ObjectScale
- About ObjectScale service procedures
- About ObjectScale capacity expansion procedures
- About ObjectScale maintenance modes
- Maintenance mode in ObjectScale on OpenShift
- Place a node into temporary maintenance mode (ObjectScale on OpenShift)
- Remove a node from temporary maintenance mode (ObjectScale on OpenShift)
- Place a healthy node into permanent maintenance mode (ObjectScale on OpenShift)
- Place a failed node into permanent maintenance mode (ObjectScale on OpenShift)
- Temporary maintenance mode for ObjectScale Software Bundle
- Maintenance mode in ObjectScale on Appliance
- Disk replacement service procedure
- Perform a node replacement service procedure (ObjectScale on OpenShift)
- Add a node (ObjectScale Software Bundle)
- Remove a node (ObjectScale Software Bundle)
- Prepare a failed node for node hardware or software maintenance (ObjectScale Software Bundle)
- Prepare a healthy node for node hardware or software maintenance (ObjectScale Software Bundle)
- Replace a healthy node within the ObjectScale Software Bundle
- Replace a failed node within the ObjectScale Software Bundle
- Add a node (ObjectScale Appliance)
- Node Replacement on ObjectScale Appliance
- Node Repair on ObjectScale Appliance
- Failed Node Repair on ObjectScale Appliance
- View service procedure status
- Updating iDRAC IPs Using Server Patch API for ObjectScale Appliance
- Shutting Down and Restarting ObjectScale
- About ObjectScale service procedures
Dell ObjectScale 1.3 Administration Guide
Create an external authentication provider
Using the ObjectScale Portal user interface, you can add multiple external authentication providers.
Prerequisites
- You must know the connection information for the provider.
- The external provider must be running and available on the network. ObjectScale attempts to connect to the provider using the information that you provide. If the connection is unsuccessful, you cannot create the provider.
- You must know the path names of folders on the provider where the users and groups that need access to ObjectScale are defined.
- You must be a Management User with the Admin or Security Admin role.
Steps
- From the ObjectScale Portal user interface, click .
-
Click
Authentication Providers.
The screen lists all configured external providers.
- Click New Authentication Provider.
-
Complete the
General screen.
Directory Type LDAP or AD. Description Optional description of this provider. Domain Name Domain name of the authentication server. The value must be alphanumeric characters.
For example: myserver.example.com.
NOTE:An IP address such as 10.10.10.1 is not valid in this field.Base Distinguished Name The starting point for searches on the server. Provide the components in comma-separated format without spaces. For example: dc=myserver,dc=example,dc=com
Server Addresses One or more IP addresses for connecting to the provider. For example, 10.10.10.1. Server Port The port on the provider that receives authentication requests. If secure is true, then it defaults to port 636. If not provided, it defaults to 389.
Authentication Type This field is preconfigured. ObjectScale supports only username and password authentication. Bind User The distinguished name for the user account to use when connecting to the provider. This user account must have permission to access the users and groups that you intend to add to ObjectScale. For example: CN=Administrator,CN=Users,dc=myserver,dc=example,dc=com
Bind Password The password for the bind user account. Status Specify whether to enable communication when this provider is successfully created in ObjectScale. The option is set to No by default. Secure Specify whether SSL communication is required to connect to the provider. The option is set to Yes by default. CA Certificate Required if Secure is set to Yes. Provide the contents of the .pem file that holds the certificate for SSL connection to the provider. You can either: - Paste the contents of the .pem file into the text box.
- Click Select to browse to the .pem file on your system. ObjectScale copies the contents of the file and pastes it into the text box.
Network Timeout (sec) Optional but recommended. Specify how long, in seconds, that ObjectScale waits for a connection to the authentication provider. Search Timeout (sec) Optional but recommended. Specify how long, in seconds, ObjectScale waits for the authentication provider to respond to a request. - Click Next.
-
Complete the
Users screen.
User Search Path The distinguished name that describes the folder on the external provider that contains the users who need ObjectScale access. For example: CN=users,dc=myserver,dc=example,dc=com
User Name Attribute The attribute name used in the external provider for username values. For example: sAMAccountName User Object Class The object class name used by the external provider for users. For example: user User Inherited Groups Level Optional. Levels of parent groups that are associated with users. For example, 2 would indicate two levels in the group hierarchy. - Click Next.
-
Complete the
Groups screen.
Group Search Path The distinguished name that describes the folder on the external provider that contains the groups whose members need ObjectScale access. For example: CN=users,dc=myserver,dc=example,dc=com
Group Name Attribute The attribute name used in the external provider for group name values. For example: cn. Groups Attribute Optional. The attribute name that contains the groups for a user on the AD or LDAP user entry. For example: memberOf Group Object Class The object class name used by the external provider for groups. For example: group. - Click Next.
-
Review the information and then click
Save.
ObjectScale verifies the contents of all fields. If values are rejected, error messages appear on the screen. ObjectScale attempts to connect to the authentication server using the connection information that you provided. If the connection is not successful, ObjectScale displays an appropriate error message on the Portal screen. You must correct all errors before you can save the new provider.
-
To correct errors:
- Click Back to return to the appropriate screen.
- Make corrections.
- Click Next to return to the last screen.
- Click Save.
Results
Next steps
Continue to Map ObjectScale roles to external users to assign ObjectScale permissions to users and groups that are defined in the external provider. Without role mappings, external users in the configured User and Group Search Path fields can log in but they are immediately logged out. In that case, the ObjectScale Portal displays a message stating that the user has no ObjectScale permissions.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\