ViPR Controller - Configuring AD Authentication

The default built-in administrative accounts may not be granular enough to meet your business needs. If that is the case, adding an authentication provider such as Active Directory, which this configuration uses, allows you to assign users or groups to specific roles.

The example configuration provided here was part of an Enterprise Hybrid Cloud solution.

  1. To apply this security configuration you need to log in as root.
  2. Select Security > Authentication Providers.
  3. Enter the appropriate values for the attributes, paying special attention to the requirements for the Manager DN user:

Name: Enter a suitable name for the authentication provider. (You can have multiple providers for different domains.)
Type: Select Active Directory or LDAP.
Description: Enter a description of the authentication provider.
Domain: Enter the domain being used, e.g. domain.local
Server URLs: Enter the ldap or ldaps (secure LDAP) URL with the IP address of the domain controller. The default port is 389 for ldap and 636 for ldaps. Enter the port number if not using the default port, e.g. ldap://<domain controller IP>:<port>
Manager DN: Enter the user account that ViPR uses to connect to the Active Directory or LDAP server, e.g. CN=adbind_vipr,OU=EHC,DC=domain,DC=local
Password: Enter the password for the adbind user.

4. The Group Attribute can remain at the default, CN. It indicates the Active Directory attribute that is used to identify a group and is used for searching the directory by groups.

5. The Group Whitelist should contain the Active Directory User Groups that will contain members requiring ViPR privileges.

6. In the Search section, ensure the search filter is userPrincipalName=%u, set the Scope to Subtree and enter the Search Base (e.g. OU=EHC,DC=domain,DC=local), then click Save.

7. To verify the configuration, add a user from the authentication provider at Security > VDC Role Assignments, then try to log in as the new user. (ViPR usernames should be in the format user@domain)
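
A pre-flight check for the values entered in steps 3 to 6, as an added example that is not part of the original post or of ViPR. The dictionary keys, the sample values and the reading of %u as the full user@domain login name are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults from the Server URLs field

# Constructed sample settings; key names are hypothetical, not ViPR's own.
SAMPLE = {
    "domain": "domain.local",
    "server_urls": ["ldaps://192.0.2.10"],
    "manager_dn": "CN=adbind_vipr,OU=EHC,DC=domain,DC=local",
    "search_base": "OU=EHC,DC=domain,DC=local",
    "search_filter": "userPrincipalName=%u",
}

def domain_to_dn(domain):
    """domain.local -> DC=domain,DC=local"""
    return ",".join("DC=" + label for label in domain.split("."))

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, username):
    """Assumption: %u stands for the full login name (user@domain)."""
    return "(" + template.replace("%u", escape_filter_value(username)) + ")"

def check_provider(cfg):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    suffix = domain_to_dn(cfg["domain"]).lower()
    for url in cfg["server_urls"]:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            findings.append(f"{url}: expected ldap://host[:port] or ldaps://host[:port]")
            continue
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        if parts.scheme == "ldap":
            findings.append(f"{url}: port {port} is plain LDAP; a simple bind sends "
                            "the Manager DN password unencrypted unless StartTLS is used")
    for key in ("manager_dn", "search_base"):
        if not cfg[key].replace(", ", ",").lower().endswith(suffix):
            findings.append(f"{key}: {cfg[key]} is not under {cfg['domain']}")
    if "%u" not in cfg["search_filter"]:
        findings.append("search_filter: no %u placeholder for the login name")
    return findings

if __name__ == "__main__":
    print(check_provider(SAMPLE) or "no findings")
    print(expand_filter(SAMPLE["search_filter"], "jdoe@domain.local"))
```
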
