Add an authentication directory service

You can use an external authentication directory service (also called an enterprise directory or authentication login domain) to authenticate users logging in to the appliance instead of maintaining individual local login accounts.

If you replicate the authentication directory service for high availability or disaster tolerance, add the replicated directory service as a separate directory service.

Prerequisites 

  • Minimum required privileges: Infrastructure administrator.

  • The authentication directory service must already be configured.

  • Obtain an X.509 certificate from the directory service provider. The appliance uses this certificate to authenticate the directory server and to protect the LDAP connection (LDAPS) against eavesdropping and tampering. The certificate chain can be fetched automatically; on acceptance, the top certificate in the chain (the root CA certificate, or an intermediate CA certificate if that is the highest one the server presents) is trusted.

Adding an authentication directory service

  1. Either click the Edit icon in the Security panel or select Actions > Edit.

  2. On the Edit Security screen, under Directories, click Add Directory.

  3. Enter the data requested on the screen. See Add/Edit Directory screen details.

  4. Click Add directory server.



    IMPORTANT: The decision whether to search the Global Catalog or the domain is based on the scope of the search:

    • When the scope of a search is the domain or an organizational unit, use the SSL port. The default is 636.

    • When the scope of a search is the forest, use the SSL Global Catalog port. The default is 3269.


  5. Enter the data requested on the screen. See Add Directory Server screen details.



    NOTE: For OpenLDAP:

    • Use the Add button to add Organizational unit fields as needed.

    • To delete an Organizational unit field and its entry, click the corresponding icon.


  6. Click Add to add the server and return to the Add Directory screen.



    NOTE: If you select the Specify certificate check box, a field opens in which you can paste the directory server certificate.

    If you leave Specify certificate unchecked, the appliance fetches the certificate itself and prompts you to accept it after you click Add in the next step. Before accepting, compare the fingerprint of the presented certificate with one obtained out of band from the directory administrator: accepting an unverified certificate would allow anyone able to intercept the connection to impersonate the directory service.

    If you want to enter the certificate manually, select the Specify certificate option, and then run the following command on a host that can reach the directory server on its SSL port (636 for a domain or organizational unit search, 3269 for a Global Catalog) to obtain the directory server certificate:

    openssl s_client -connect directory-server-host:636 -showcerts </dev/null

    Copy the certificate block from the output, from the BEGIN CERTIFICATE line through the END CERTIFICATE line, into the field.


  7. Click Add to add the authentication directory service or click Add+ to add more directory services.

  8. After adding the authentication directory service:

    1. Verify the configuration on the Security screen, under Directories.

    2. Validate the directory server configuration.
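The following shell script is an added example, not part of the original page or of the appliance software. It automates the certificate check behind step 6: it fetches the chain a directory server presents on its SSL port with the same openssl s_client command, splits the output into one PEM file per certificate, and prints the subject, issuer and SHA-256 fingerprint of each so that you can compare them with values obtained from the directory administrator before pasting a certificate or accepting the prompted one. The host name directory-server-host and the output directory are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): retrieve and inspect the
# certificate chain an LDAPS directory server presents, so its fingerprint
# can be checked out of band before the appliance is told to trust it.
# "directory-server-host" and the output directory are placeholders.

# fetch_chain HOST [PORT]: dump the TLS handshake and the full chain.
# Use 636 for a domain/OU search scope and 3269 for a Global Catalog.
fetch_chain() {
    host=$1
    port=${2:-636}
    # </dev/null closes stdin so s_client exits once the handshake is done
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null
}

# split_pem_chain DIR: read s_client output on stdin, write each
# "-----BEGIN/END CERTIFICATE-----" block to DIR/certN.pem (cert1 is the
# server certificate, the highest number is the top of the chain), and
# print the number of certificates found.
split_pem_chain() {
    dir=$1
    mkdir -p "$dir"
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    '
}

# fingerprint FILE: subject, issuer and SHA-256 fingerprint of one PEM
# certificate; compare the fingerprint with the value the directory
# administrator gives you before accepting the certificate in the appliance.
fingerprint() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# report_chain DIR: fingerprint every certificate split_pem_chain wrote.
report_chain() {
    for f in "$1"/cert*.pem; do
        [ -f "$f" ] || continue
        echo "== $f"
        fingerprint "$f"
    done
}

# Usage (replace the placeholder host; run on a host that can reach the
# directory server on the SSL port chosen for the search scope):
#   fetch_chain directory-server-host 636 | split_pem_chain ./ldap-chain
#   report_chain ./ldap-chain
```

The file with the highest number is the top of the presented chain, which is the certificate the appliance trusts on acceptance; cert1.pem is the server certificate you paste when you use the Specify certificate option.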

Recommended next step: Add a group with directory-based authentication.