Adding an identity source

Unified Compute Platform (UCP) Advisor Administration Guide

Version: 4.6.x
Part Number: MK-92UCP119-15
Last edition: 2024-09-24

You can configure an identity source, such as Active Directory with LDAP or LDAPS, for authenticating users and groups.

  • The default port for LDAP is 389.
  • The default port for LDAPS is 636.

Important: If the UserDN contains a large number of users and groups, it takes approximately 5 minutes to search for and display the user name when you add permissions to a user. To avoid this, add the Active Directory with a UserDN that points to a specific organizational unit (OU) or container that has access to UCP Advisor.

  • To add Active Directory with a default container: Using LDAP or LDAPS, create a service account with minimum read-only access to Active Directory.
  • To add Active Directory with a child domain: Using LDAP or LDAPS, create the user in a child domain with minimum read-only access to the child domain.
  • Verify that the domain controller servers are reachable from the UCP Advisor VMs.
  • Verify that the UCP Advisor VMs are configured with the same DNS as the Active Directory.
  1. Click Settings > Manage Users.
  2. On the Identity Sources tab, click Add Identity Source.

  3. Enter the following:
    • Identity Source Name: Enter the name for the identity source.
    • BindDN: Enter the BindDN, which is the distinguished name of the user that authenticates to Active Directory over LDAP or LDAPS. See Adding an LDAPS certificate for more information.
    • Password: Enter the BindDN user password.
    • UserDN: Enter the UserDN, which is the distinguished name of the organizational unit (OU) that contains the users and groups to be imported.
    • Primary domain controller URL: Enter the primary Active Directory domain controller to connect to and import users and groups from. For example: ldap://controller1.example.com:389 or ldaps://controller1.example.com:636
    • Secondary domain controller URL (Optional): Enter the secondary Active Directory domain controller to connect to and import users and groups from. For example: ldap://controller2.example.com:389 or ldaps://controller2.example.com:636
  4. Click Submit.

After the identity source is added, assign a UCP Advisor role to the Active Directory groups imported over LDAP or LDAPS. See Assigning roles to a group.
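
A pre-submit check for the values entered in step 3, added here as an example (it is not part of the guide or of UCP Advisor): it validates BindDN and UserDN syntax, flags a UserDN that starts at the domain root instead of an OU or container, and checks each domain controller URL against the default ports listed above. The function names, the sample DNs and the domain-root heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults stated in the guide

def split_dn(dn):
    """Split a DN into RDNs on commas that are not escaped with a backslash."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def check_url(label, url):
    """Return findings for one domain controller URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return [f"{label}: expected ldap://host:port or ldaps://host:port"]
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # raised by urlsplit for a non-numeric or out-of-range port
        return [f"{label}: port is not a valid number"]
    findings = []
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORTS[other]:
        findings.append(f"{label}: {scheme}:// used with the default {other} port {port}")
    if scheme == "ldap":
        findings.append(f"{label}: ldap:// is not TLS-protected; prefer ldaps://")
    return findings

def check_identity_source(bind_dn, user_dn, primary_url, secondary_url=None):
    """Lint the Add Identity Source values; an empty list means no findings."""
    findings = []
    for name, dn in (("BindDN", bind_dn), ("UserDN", user_dn)):
        rdns = split_dn(dn)
        if not rdns or not all(re.match(r"^[A-Za-z][\w.-]*=.+", r) for r in rdns):
            findings.append(f"{name}: not a distinguished name (attr=value,...)")
    user_rdns = split_dn(user_dn)
    # Heuristic (assumption): a UserDN whose first RDN is DC= covers the whole domain.
    if user_rdns and user_rdns[0].upper().startswith("DC="):
        findings.append("UserDN: points at the domain root; scope it to an OU or container")
    findings += check_url("Primary URL", primary_url)
    if secondary_url:
        findings += check_url("Secondary URL", secondary_url)
        if secondary_url.lower() == primary_url.lower():
            findings.append("Secondary URL: identical to the primary URL")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for finding in check_identity_source("svc-ucp@example.com", "DC=example,DC=com",
                                         "ldap://controller1.example.com:636"):
        print(finding)
```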