HP CloudSystem Foundation User's Guide

HP CloudSystem Enterprise and Foundation Software
Configuring Directory Services in HP CloudSystem
CloudSystem identity management includes support for Microsoft Active Directory and OpenLDAP. This white paper details step-by-step how to set up directory services in CloudSystem Foundation and Enterprise.
Directory Tree Samples
Two directory tree samples are used in this white paper. Directory Tree 1 represents a Microsoft Active Directory tree, while Directory Tree 2 exemplifies an OpenLDAP tree. Both are detailed in the right side column.
CloudSystem Foundation
Use the CloudSystem Console to manage directory services in CloudSystem Foundation. Infrastructure administrators can configure directories and associate directory groups to administrative roles. Create a directory entry using the CloudSystem Console > Settings > Security > Edit > Directories > Add directory screen.
The CloudSystem Portal and its underlying OpenStack Keystone service are automatically configured based on the default directory set in the CloudSystem Console. Cloud administrators can then manage directory users within the directory service itself, without any other configuration in CloudSystem.
The following sections describe how to set up Microsoft Active Directory and OpenLDAP in CloudSystem.
Microsoft Active Directory
Step 1. Add the directory. Name the directory entry and select the “Active Directory” type. Enter the search context which consists of user identifier, user search base and base DN (suffix) as shown below.
Important: Be sure to enter the search context correctly and identically in Foundation (CloudSystem Console) and Enterprise (Cloud Service Management Console).
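Directory Tree 1 – Active Directory sample
Below is an Active Directory tree sample that contains hierarchical organizational units. The “North America” organizational unit contains the “Admins Group” and “Sales Group” groups as well as “smith” and “johnson” user accounts. Let’s consider that the “smith” user account belongs to the “Admins Group” while “johnson” is a member of “Sales Group”.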
Figure 1 – Creating the “North America” directory
5900-3794, September 2014
Directory Services on CloudSystem
The search context is interpreted as follows:
User Name/ID: CN
User search base: OU=North America, OU=Users
Base DN: DC=example, DC=com
Step 2. Configure the server. Enter an IP address or host name, directory server port and directory server certificate:
Figure 2 - Configuring a server for the “North America” directory
Step 3. Check and save the settings. On the “Add directory” dialog, enter valid user credentials in the username and password textboxes. Make sure the user account is located under the user search base. Then check the connectivity and save the configuration.
Step 4. Set the default directory. On the “Edit Security” dialog, choose a directory as the default directory. For example:
Figure 3 – Setting the “North America” as the default directory
Step 5. Add a directory group. Go to CloudSystem Console > User and Groups > Add Directory User or Group. Connect to a pre-defined directory using a user account. Then select a group from the list and assign a role to it. For example:
Figure 4 - Assigning the "Admins Group" to the Full Infrastructure administrator role
Active Directory constraints. Below are listed the main constraints in CloudSystem Foundation for Microsoft Active Directory:
– Directory tree: groups must be located under the user search base
– Directory schema
  – Users: supports the “user” objectClass only
  – Groups: supports the “group” and “groupOfNames” objectClasses only
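A pre-flight check for the search context and the constraints above, added here as an example (it is not HP code or part of the white paper). It assumes the three search-context fields concatenate into a standard LDAP DN; the group DNs and the helper names are constructed for illustration.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            buf.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append("".join(buf))
            buf = []
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return pairs

def search_base(ctx):
    """Full DN of the user search base: <User search base>,<Base DN> (assumed composition)."""
    return parse_dn(ctx["user_search_base"]) + parse_dn(ctx["base_dn"])

def is_under(dn, ctx):
    """True if dn sits strictly below the user search base."""
    entry, base = parse_dn(dn), search_base(ctx)
    return len(entry) > len(base) and entry[-len(base):] == base

def user_dn(username, ctx):
    """DN a login name maps to; , + " \\ < > ; = are escaped so the name cannot add RDNs."""
    safe = re.sub(r'([,+"\\<>;=])', r'\\\1', username)
    return f'{ctx["user_id"]}={safe},{ctx["user_search_base"]},{ctx["base_dn"]}'

def same_context(a, b):
    """Compare the Foundation and Enterprise search contexts after normalization."""
    return a["user_id"].strip().lower() == b["user_id"].strip().lower() and search_base(a) == search_base(b)

# Search context from the Active Directory steps above.
FOUNDATION = {"user_id": "CN", "user_search_base": "OU=North America, OU=Users", "base_dn": "DC=example, DC=com"}
# Constructed sample group DNs (not from the white paper).
GROUP_OK = "CN=Admins Group,OU=North America,OU=Users,DC=example,DC=com"
GROUP_BAD = "CN=Admins Group,OU=Groups,DC=example,DC=com"

if __name__ == "__main__":
    print(user_dn("smith", FOUNDATION))
    for dn in (GROUP_OK, GROUP_BAD):
        print(dn, "->", "ok" if is_under(dn, FOUNDATION) else "outside user search base")
```

Running the same check against the values entered in the Cloud Service Management Console catches a mismatch between the Foundation and Enterprise search contexts before the first login attempt fails.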
OpenLDAP
Step 1. Add the directory. Give a name to the directory entry and select the “OpenLDAP” type. Then enter the search context which consists of user identifier, user search base and base DN (suffix) as shown below:
Figure 5 - Creating the “South America” directory
The search context is interpreted as follows:
User Name/ID: CN
User search base: OU=south america, OU=people
Base DN: DC=example, DC=com
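Directory Tree 2 – OpenLDAP sample
Below is an OpenLDAP tree sample that contains three organizational units. The “south america” organizational unit contains “garcia” and “silva” user accounts. On the other side, the “groups” organizational unit holds “admins group” and “sales group”. Let’s consider the “garcia” user account belongs to the “admins group” while “silva” is a member of “sales group”.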
Step 2. Configure the server. Enter an IP address or host name, directory server port and directory server certificate as follows:
Figure 6 - Configuring a server for the “South America” directory
Step 3. Check and save the settings. On the “Add directory” dialog, enter valid user credentials in the username and password textboxes. Make sure the user account is located under the user search base. Then check the connectivity and save the configuration.
Step 4. Set the default directory. On the “Edit Security” dialog, choose a directory as the default: