Creating an LDAP connection

To synchronize an RBAC user database with an LDAP-based user registry, you must establish a connection with an LDAP server.

For information about modifying LDAP connections, see Modifying LDAP connections.

Before you begin

Obtain the certificate needed to secure the connection between the Application Server and the LDAP server. For more information about obtaining this certificate, see Obtaining a certificate used to trust the LDAP server.

To create an LDAP connection

  1. In the RBAC Manager folder, select LDAP Synchronization > LDAP Connections.
  2. Create a new LDAP connection by right-clicking and selecting New > LDAP Connection.
    The New Connection wizard appears.
  3. Provide information for the LDAP connection, as described in the following topics:
    • LDAP Connection - General


      Field definitions (each field name is followed by its description)

      Name

      Identifying name.

      Description

      Optional descriptive text.

      Server

      The URL of the LDAP server. Enter the URL using any of the following formats:

      • hostname
      • ipAddress
      • ldap://hostname:port
      • ldap://ipAddress:port

      If you use either of the first two formats, the system assumes a port number of 389.

      An IP address can be either IPv4 or IPv6. If you specify an IPv6 address, enclose the IPv6 address in square brackets. For example: ldap://[2001:db8::1:2]:389

      Verify host name when establishing a secure connection

      Validates the identity of the LDAP server.

      If you check this option, the system compares the host name in the certificate that the LDAP server presents when the Application Server connects to it with the host name specified in the URL of the LDAP server (the Server option). If the two do not match, the connection is not established. If you leave this option unchecked, any certificate that chains to the trusted certificate is accepted regardless of the name it carries, so a server presenting a trusted certificate issued for a different host would not be detected. If you specify the server by IP address, the certificate must list that IP address (normally as a subject alternative name) for the comparison to succeed.

      Certificate

      Specifies the certificate on the client that can be used to ensure trust when establishing a connection with the LDAP server. Click Browse and navigate to the file containing the certificate to be associated with the LDAP connection.

      To select files of type .pem, you must choose the All Files filter.

      Certificates identified in this way are imported into the Application Server's trust store.

      For more information about obtaining the certificate, see Obtaining a certificate used to trust the LDAP server.

      After you have specified the certificate, you can click Details to show detailed information about the certificate.

    • LDAP Connection - Properties


      The Properties panel provides a list of properties automatically assigned to an LDAP connection. In this list, you can modify the value of any properties that are defined as editable.

      For any property that has a check in the Editable column, select the property and click in the Value column.

      • To set a property value back to its default value, click Reset to Default Value.
        The value of the property is reset to the value it inherits from a built-in property class. The Value Source column shows the property class from which the value is inherited.
      • Depending on the type of property you are editing, you can take different actions to set a new value, such as entering an alphanumeric string, choosing from an enumerated list, or selecting a date.
        To insert a parameter into the value, enter the value, bracketed with double question mark delimiters (for example, ??MYPARAMETER??), or click Select Property.

    • LDAP Connection - Permissions

      The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as jobs, servers, or depot objects. ACLs control access to all objects, including the sharing of objects between roles.

      Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. For more information, see the following table:

      Task / Description

      Adding an authorization

      An authorization grants permission to a role to perform a certain type of action on this object.

      To add an authorization to this object, click Add Entry in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

      Adding an ACL template

      An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

      To add an ACL template to the object, click Use ACL Template in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

      To set the contents of the selected ACL templates so they replace all entries in the access control list, check Replace ACL with selected templates. If you do not check this option, the contents of the selected ACL templates are appended to existing entries in the access control list.

      Adding an ACL policy

      An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.

      To add an ACL policy to this object, click Use ACL Policy in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

      To set the contents of the selected ACL policies so they replace all entries in the access control list, check Replace ACL with selected policies. If you do not check this option, the contents of the selected ACL policies are appended to existing entries in the access control list.

  4. Click Finish at any time to close the wizard and save your changes.
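The Server field accepts four formats and the "Verify host name" option ties the certificate check to whatever that field contains. The following Python script is an added example for this page, not BMC's code: it normalises the four documented Server formats into host and port (applying the 389 default for the bare forms and re-bracketing IPv6), reports which certificate identity the host-name check would need (a DNS name or an IP address entry), and shows in a standard-library ssl context what checking or unchecking the verification box changes. The hostname label rules and the mapping onto Python's ssl settings are assumptions made for illustration; the product does not expose this code.

```python
import ipaddress
import ssl
from urllib.parse import urlsplit

# Port the page says is assumed when the Server field is a bare hostname or IP address.
DEFAULT_LDAP_PORT = 389


def parse_server_field(value: str) -> dict:
    """Normalise the Server field into scheme, host and port.

    Accepts the four forms the page lists: hostname, ipAddress,
    ldap://hostname:port and ldap://ipAddress:port (IPv6 in square brackets).
    Also reports which identity the server certificate must carry for the
    "Verify host name" check to succeed: a dNSName for a hostname, an
    iPAddress subject alternative name for an IP literal.
    """
    value = value.strip()
    if not value:
        raise ValueError("Server field is empty")

    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme != "ldap":
            raise ValueError(f"unsupported scheme {parts.scheme!r}; the page lists ldap:// only")
        if parts.path or parts.query or parts.fragment or parts.username or parts.password:
            raise ValueError("Server field must be ldap://host[:port] with nothing after the port")
        host = parts.hostname          # brackets stripped from IPv6 literals, lower-cased
        port = parts.port              # None if absent; ValueError if not a valid port number
        if host is None:
            raise ValueError("no host in URL")
    else:
        host = value.lower()
        port = None
        if host.startswith("[") and host.endswith("]"):
            host = host[1:-1]          # tolerate a bracketed bare IPv6 literal

    # Classify the host: IP literal (v4 or v6) or DNS hostname.
    try:
        ip = ipaddress.ip_address(host)
        is_ip, family = True, ip.version
        host = str(ip)                 # canonical textual form (compressed IPv6)
    except ValueError:
        is_ip, family = False, None
        # A bare "host:port" is not an IP and the page only allows a port in URL form.
        if ":" in host:
            raise ValueError("a port is only allowed in the ldap://host:port form")
        # Assumed hostname rule for this example: dot-separated alphanumeric labels with hyphens.
        labels = host.split(".")
        if not all(lbl and lbl.replace("-", "").isalnum() and not lbl.startswith("-") for lbl in labels):
            raise ValueError(f"invalid hostname {host!r}")

    if port is None:
        port = DEFAULT_LDAP_PORT

    return {
        "scheme": "ldap",
        "host": host,
        "port": port,
        "is_ip_literal": is_ip,
        "ip_version": family,
        # What the certificate must contain for the host-name comparison to pass.
        "certificate_identity": "iPAddress SAN" if is_ip else "dNSName SAN",
        # Rebuilt URL, with IPv6 re-bracketed as the page requires.
        "url": f"ldap://[{host}]:{port}" if family == 6 else f"ldap://{host}:{port}",
    }


def build_trust_context(cafile, verify_hostname: bool) -> ssl.SSLContext:
    """Mirror the two certificate-related options in a Python ssl context.

    cafile is the PEM file chosen with Browse (the trust anchor for the LDAP
    server); verify_hostname corresponds to the "Verify host name when
    establishing a secure connection" checkbox.  Unchecking it only removes the
    name comparison: the presented certificate must still chain to cafile.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = verify_hostname
    return ctx


if __name__ == "__main__":
    # Constructed sample inputs covering the four formats from the page.
    for sample in ("ldap-01.example.test", "192.0.2.10",
                   "ldap://LDAP.Example.Test:389", "ldap://[2001:db8::1:2]:389"):
        print(sample, "->", parse_server_field(sample))
```

The practical point the `certificate_identity` field makes: if you enter the server by IP address and check the verification box, a certificate that only carries the server's DNS name will fail the comparison, so either enter the DNS name or obtain a certificate that includes the IP address.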

Where to go next

LDAP Connection - General
