LDAP Configuration Guide


Publication date: 11/8/2017
www.xcalar.com
Copyright 2017 Xcalar, Inc. All rights reserved.

Table of Contents

- About this guide
- Configuring LDAP
- Before you start
- Configuring and starting a new LDAP connection
- Adding users
- Adding users to the LDAP administrators group
- Creating additional Xcalar admin users
- Removing users
- Copyright and trademark information

About this guide

This guide is intended for the Xcalar administrator who has used the Xcalar Wizard to install Xcalar. If you use the Lightweight Directory Access Protocol (LDAP) server deployed by Xcalar, follow the instructions in this guide to perform these tasks:

- Configure the LDAP server so that you can manage user accounts on it.
- Create user accounts on the LDAP server so that users can log in to Xcalar.
- Add users to the LDAP administrators group if you want multiple users to have administrator privileges on the LDAP server.
- Create additional Xcalar administrator accounts if you (or other users) want to log in to Xcalar with administrator privileges by using a login name other than admin.

Configuring LDAP

You must configure the LDAP server before you can create and manage user accounts on it. (If you choose to use LDAP for user authentication, Xcalar users must have accounts on the LDAP server.) This section describes how to configure the LDAP server deployed by Xcalar on your Xcalar cluster.

This section assumes that you have successfully completed these tasks:

- Installing the OpenLDAP server on the first node (node 0) by using the Xcalar Wizard.
- Downloading and installing the latest version of Apache Directory Studio, which is an LDAP directory client, on a computer that can access node 0 of the Xcalar cluster. Apache Directory Studio is available at this website: https://directory.apache.org/studio/downloads.html

NOTE: The screenshots in this document are from a Windows-based computer. The exact screens depend on the operating system of your computer running Apache Directory Studio.

Before you start

Gather the following information:

- Fully qualified domain name (FQDN) or IP address of node 0 of the cluster. This information is used by Apache Directory Studio. If you want to access node 0 through a private host name or address, you can find the name or address by entering the following commands on node 0:

    cd /mnt/xcalar/config
    head -n1 privhosts.txt

- Password entered in Step 4 of the Xcalar Wizard.
- Domain name entered in Step 4 of the Xcalar Wizard.

The following screenshot shows Step 4 of the Xcalar Wizard, in which the password and domain name are entered:

Configuring and starting a new LDAP connection

Follow these steps to configure and start a new LDAP connection:

1. Start Apache Directory Studio.
2. In the top menu, select LDAP > New Connection. The New LDAP Connection window is displayed.
3. Enter the value for each field in the window as described in the following table:

   Field               Value
   Connection name     Any name to help you identify this connection
   Hostname            Either:
                       - FQDN or IP address of node 0
                       - private host name or IP address of node 0
   Port                389 (default)
   Encryption method   Use StartTLS extension (recommended)
   Provider            Apache Directory LDAP Client API

   IMPORTANT: Do not click the check box for Read-Only.

   The following screenshot shows the Network Parameter section of the New LDAP Connection window with sample configuration information.

4. Click Next.
5. Provide authentication information required for starting the connection to the LDAP server. Enter the value for each field as described in the following table:

   Field                   Value
   Authentication method   Simple Authentication
   Bind DN or user         The value depends on how you set up your domain name in Step 4 of the Xcalar Wizard:
                           - If the domain name is in the form of companyname.com, enter the following information in this field:
                             cn=admin,dc=companyname,dc=com
                           - If the domain name is in the form of word1.word2.word3.word4, enter the following information in this field:
                             cn=admin,dc=word1,dc=word2,dc=word3,dc=word4
   Bind password           The password entered in Step 4 of the Xcalar Wizard

   The following screenshot shows the Authentication section of the New LDAP Connection window with sample configuration information.

6. Click the check box for Save password.
7. Click Check Authentication to verify that the credentials are correct. If you use TLS for encryption, a window may appear, prompting you to accept an SSL certificate. Accept the certificate either for this session or permanently. If authentication is not successful, verify the hostname of node 0, the ability to access port 389 on node 0, the Bind DN, and the password.
8. Click Finish to open a connection to the LDAP server.

After the connection is established, you can add user accounts on the LDAP server as described in Adding users.

Adding users

Follow these steps for adding each user:

1. In the LDAP Browser pane, locate DIT (Directory Information Tree) for your connection. If it is not displayed, click the connection name as shown in the following screenshot:
2. Under DIT (Directory Information Tree), right click the ou=people entry to create a new entry for the organization unit, as shown in the following screenshot:

   The New Entry wizard is started.
3. Select Create entry from scratch. Then click Next.
4. In the Object Classes dialog box, click InetOrgPerson in the list of available object classes and click Add to select it. Then click Next.
5. In the Distinguished Name dialog box, select mail for the RDN field and then enter the email address. This email address is the user name for the Xcalar login.

   The following screenshot illustrates how to enter the information for a user whose user name is user1@example.com.
6. (Optional) Copy the information in the DN Preview field to your computer's clipboard so that you can paste the information later in this procedure.
7. Click Next.
8. In the Attribute dialog box, type the user's first name in the cn field and the user's last name in the sn field. Then click Finish. The user account is created.
9. To create a user password, add a new attribute, as shown in the following screenshot:

10. In the Attribute Type dialog box, select userpassword from the drop-down menu. Then click Finish.
11. In the Password Editor, enter and confirm the new password.
12. Select SSHA as the hash method. Then click OK. A password is now created for the user account.
13. Follow these steps to add the user's distinguished name (DN) to the group named xceusers:
    a. Under ou=groups, click cn=xceusers.
    b. Right click an existing uniquemember entry in the Attribute Description column and then select New Value.
    c. In the new uniquemember entry, paste or type the user's DN. For example, type the following DN:
       mail=user1@example.com,ou=people,dc=example,dc=com
    d. Press Enter.

The following screenshot illustrates the result of adding a user to xceusers.
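The entry and group change that steps 1 to 13 create through the GUI, written as an added Python example (not part of the Xcalar guide) that emits equivalent LDIF, including the SSHA value and the DN escaping an address such as user+tag@example.com needs. The function names and sample values are assumptions; attribute names use their standard casing, which LDAP treats as case-insensitive.

```python
import base64, hashlib, hmac, os

def base_dn(domain):
    # companyname.com -> dc=companyname,dc=com, the rule used for the Bind DN
    return ",".join("dc=" + label for label in domain.split("."))

def escape_rdn(value):
    # RFC 4514 escaping, e.g. for the "+" in user+tag@example.com
    if not value or value != value.strip():
        raise ValueError("empty or space-padded RDN value")
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    return "\\" + out if out.startswith("#") else out

def ssha(password, salt=None):
    # {SSHA} is base64(SHA1(password + salt) + salt): one salted SHA-1 round
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def attr(name, value):
    # Base64 ("::") anything that is not plain printable ASCII, so a newline
    # in a name cannot inject extra LDIF lines
    plain = value.isascii() and value.isprintable() and value == value.strip()
    if plain and value[:1] not in (":", "<"):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode()).decode()}"

def new_user_ldif(mail, first, last, password, domain, group="xceusers"):
    base = base_dn(domain)
    dn = f"mail={escape_rdn(mail)},ou=people,{base}"
    user = [attr("dn", dn), "changetype: add", "objectClass: inetOrgPerson",
            attr("mail", mail), attr("cn", first), attr("sn", last),
            attr("userPassword", ssha(password))]
    member = [attr("dn", f"cn={group},ou=groups,{base}"), "changetype: modify",
              "add: uniqueMember", attr("uniqueMember", dn)]
    return "\n".join(user + [""] + member + [""])

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory
    print(new_user_ldif("user1@example.com", "User", "One", "sample-pw", "example.com"))
```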


Adding users to the LDAP administrators group

The admin account created by the Xcalar Wizard on the LDAP server has LDAP administrator privileges. The LDAP administrator can perform administrative tasks such as adding or removing user accounts. If you want another user to have LDAP administrator privileges, add the user to the administrators group. The user must already have an account on the LDAP server.

Follow these steps in Apache Directory Studio when connected to the LDAP server:

1. In the LDAP Browser pane, click the cn=administrators entry under ou=groups.
2. In the Attribute Description column, follow one of these steps:
   - If there is a uniquemember entry with no value, right click uniquemember and select Edit Value.
   - If there is not an empty uniquemember entry (that is, if there is not a uniquemember entry with no value), right click an existing uniquemember entry and select New Value.

   The following screenshot shows how to edit the uniquemember entry. It is an example in which you create a uniquemember entry because currently there is not an empty entry.

3. In the Value column for uniquemember, enter the full DN of the user who will become an LDAP administrator as in this example:
   mail=user1@example.com,ou=people,dc=example,dc=com
   Press Enter.

The user whose DN is specified in the uniquemember entry is an LDAP administrator. This user has write permission to modify the LDAP directory schema, using Apache Directory Studio.

Creating additional Xcalar admin users

The Xcalar Wizard creates an admin account for logging in to Xcalar. If you want another user to have Xcalar administrator privileges, follow these steps:

1. In the LDAP Browser pane, click the user's DN listed under ou=people.
2. In the Attribute Description column, right click and select New Attribute.
3. In the New Attribute dialog box, select employeetype as the attribute type.
4. Click Finish.
5. In the Value field for employeetype, type administrator.
6. Press Enter.

Now the user can log in to Xcalar as a Xcalar administrator. The following screenshot shows how to change a Xcalar user account to a Xcalar administrator account.

Removing users

Follow these steps for removing a user:

1. Right click the user under ou=people in the DIT, as shown in the following screenshot:
2. Select Delete Entry in the drop-down menu.
3. Depending on whether the user is in the xceusers group or administrators group, click cn=xceusers or cn=administrators.
4. Locate the uniquemember entry corresponding to the user. Right click the entry to display a drop-down menu, as shown in the following screenshot:
5. Select Delete Value in the drop-down menu.
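Steps 3 to 5 remove group values by hand, so a missed one leaves a member DN with no entry behind it. The following added Python example (not part of the Xcalar guide) checks an LDIF export for such leftover uniquemember values and lists who holds LDAP or Xcalar administrator rights; the export text, function names and the case-insensitive DN comparison are assumptions.

```python
import base64, re

# Constructed export, not from a real directory
SAMPLE_LDIF = """\
dn: mail=user1@example.com,ou=people,dc=example,dc=com
employeeType: administrator

dn: cn=xceusers,ou=groups,dc=example,dc=com
uniqueMember: mail=user1@example.com,ou=people,dc=example,dc=com
uniqueMember: mail=gone@example.com,ou=people,dc=example,dc=com

dn: cn=administrators,ou=groups,dc=example,dc=com
uniqueMember: MAIL=User1@Example.com, OU=people,DC=example,DC=com
"""

def norm_dn(dn):
    # Compare DNs case-insensitively, ignoring spaces around unescaped commas
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def parse_ldif(text):
    # Returns {normalized DN: {lowercased attribute: [values]}}
    entries = {}
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:]).decode(errors="replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def audit(text, admin_group="administrators"):
    entries = parse_ldif(text)
    report = {"dangling": [], "ldap_admins": [], "xcalar_admins": []}
    for dn, attrs in entries.items():
        # filter(None, ...) skips the empty placeholder uniquemember value
        for member in filter(None, attrs.get("uniquemember", [])):
            if norm_dn(member) not in entries:
                report["dangling"].append((dn, member))
            elif dn.startswith(f"cn={admin_group},"):
                report["ldap_admins"].append(norm_dn(member))
        if "administrator" in (v.lower() for v in attrs.get("employeetype", [])):
            report["xcalar_admins"].append(dn)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```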

Copyright and trademark information

© 2017 Xcalar, Inc. All rights reserved. Xcalar is a registered trademark of Xcalar, Inc.

No part of this document covered by copyright may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval system without prior written permission of the copyright owner.

The Xcalar logo, Fundamental Discovery, True Data in Place, Xcalar Compute Engine, Xcalar Data Prep, Xcalar Data Science, Xcalar Design, Xcalar Operational Analysis, Xcalar TeraRow, and Xcalar Virtual Data Warehouse are trademarks of Xcalar, Inc.