Administrators can use an LDAP (Lightweight Directory Access Protocol) server and a directory service, such as Microsoft's Active Directory.
Configuration workflow
If an LDAP server and directory service are used in the network, configuration works as follows:
- An administrator logs in to SANtricity Unified Manager with a user profile that includes Security admin
permissions.
Note: The admin user has full access to all functions in the system.
- The administrator enters the configuration settings for the LDAP server. Settings include the domain name, URL, and Bind account information.
- If the LDAP server uses a secure protocol (LDAPS), the administrator uploads a certificate authority (CA) certificate chain for authentication between the LDAP server and the host system where the Web Services Proxy is installed.
- After the server connection is established, the administrator maps the user groups to the local user roles. These roles are predefined and cannot be modified.
- The administrator tests the connection between the LDAP server and the Web Services Proxy.
- Users log in to the system with their assigned LDAP/Directory Services credentials.
Management
When using directory services for authentication, administrators can perform the following management tasks:
- Add a directory server.
- Edit directory server settings.
- Map LDAP users to local user roles.
- Remove a directory server.
- Change passwords.
- Set a minimum length for passwords.
- Allow users to log in without passwords.