Skip to main content
A newer release of this product is available.

Manage remote users and groups

Contributors netapp-dbagwell

If you have enabled LDAP authentication on your Astra Control system, you can search for LDAP users and groups, and include them in the approved users of the system.

Add a remote user

Account Owners and Admins can add remote users to Astra Control.

Note You cannot add remote user if a local user with the same email address already exists on the system. To add the user as a remote user, delete the local user from the system first.
Important Astra Control Center uses the email address in the LDAP "mail" attribute to search for and keep track of remote users. This attribute might be an optional or empty field in your directory. An email address must exist in this field for any remote users you wish to appear in Astra Control Center. This email address is used as the username in Astra Control Center for authentication.
Steps
  1. Go to the Account area.

  2. Select the Users & groups tab.

  3. At the far right of the page, select Remote users.

  4. Select Add.

  5. Optionally, search for an LDAP user by entering the user's email address in the Filter by email field.

  6. Select one or more users from the list.

  7. Assign a role to the user.

    Note If you assign different roles to a user and the user's group, the more permissive role takes precedence.
  8. Optionally, assign one or more namespace constraints to this user, and select Restrict role to constraints to enforce them. You can add a new namespace constraint by selecting Add constraint.

    Note When a user is assigned multiple roles through LDAP group membership, the constraints in the most permissive role are the only ones that take effect. For example, if a user with a local Viewer role joins three groups that are bound to the Member role, the sum of the constraints from the Member roles take effect, and any constraints from the Viewer role are ignored.
  9. Select Add.

Result

The new user appears in the list of remote users. In this list, you can see active constraints on the user as well as manage the user from the Actions menu.

Add a remote group

To add many remote users at once, account Owners and Admins can add remote groups to Astra Control. When you add a remote group, all remote users in that group are added to Astra Control and inherit the same role.

Steps
  1. Go to the Account area.

  2. Select the Users & groups tab.

  3. At the far right of the page, select Remote groups.

  4. Select Add.

    In this window, you can see a list of the common names and distinguished names of LDAP groups that Astra Control retrieved from the directory.

  5. Optionally, search for an LDAP group by entering the group's common name in the Filter by common name field.

  6. Select one or more groups from the list.

  7. Assign a role to the groups.

    Note The role you select is assigned to all users in this group. If you assign different roles to a user and the user's group, the more permissive role takes precedence.
  8. Optionally, assign one or more namespace constraints to this group, and select Restrict role to constraints to enforce them. You can add a new namespace constraint by selecting Add constraint.

    Note When a user is assigned multiple roles through LDAP group membership, the constraints in the most permissive role are the only ones that take effect. For example, if a user with a local Viewer role joins three groups that are bound to the Member role, the sum of the constraints from the Member roles take effect, and any constraints from the Viewer role are ignored.
  9. Select Add.

Result

The new group appears in the list of remote groups, and all remote users in this group appear in the list of remote users. In this list, you can see details about the group as well as manage the group from the Actions menu.