Linking with an Active Directory or LDAP server

Ops Center Installation and Configuration Guide

Version
11.0.x
Part Number
MK-99OPS001-23
By linking Common Services with an external Active Directory or LDAP server, you can consolidate actions related to authenticating Hitachi Ops Center users. You can link Common Services with an Active Directory or LDAP server from the Hitachi Ops Center Portal.

You can link Common Services with one of the following authentication servers:

  • Active Directory server
  • LDAP server that supports LDAPv3 and LDAPS

You can link Common Services with either one Active Directory server or one LDAP server. You cannot link Common Services with both types of servers.

The following conditions apply when you link Common Services with an Active Directory server or LDAP server.

Active Directory server:
  • You can set only one Active Directory server.
  • Both LDAP(S) and Kerberos are supported as authentication protocols.
  • When using Kerberos authentication, you can set only one realm.
  • You can register, as Common Services users, objects that are located under the base DN and have an objectclass of person.
  • To log in to the Hitachi Ops Center Portal, use the Active Directory sAMAccountName as the user name.
  • You can specify groups under the base DN to import.
LDAP server:
  • You can set only one LDAP server.
  • Only LDAP(S) is supported as an authentication protocol.
  • You can import a maximum of 100 user accounts.

    To narrow down the users to import, you can filter the search conditions by using LDAP attributes.

  • Synchronizing user groups between the LDAP server and Common Services is not supported.
Note:
  • To use Analyzer viewpoint, you must specify an email address for the mail attribute.
  • A user who has the same user name or email address as a local user of Common Services cannot log in to the Hitachi Ops Center Portal.

    Before setting up the linkage, you must delete the local user in the Hitachi Ops Center Portal or change the email address of the local user.

  • If the certificate of the LDAP server has expired, all users including local users of Common Services will be unable to log in to the Hitachi Ops Center Portal.

    To avoid this, you must update the certificate of the LDAP server before it expires and import the certificate into the Common Services truststore.
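
Because an expired LDAP server certificate locks out every user, the expiry date is worth monitoring ahead of time. The following Python check is an added example, not part of the Hitachi documentation or product; the host name, the CA file path (a PEM copy of the issuer certificate you import into the truststore), and the 30-day renewal threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate


def days_remaining(not_after: str, now: datetime) -> float:
    """Days from `now` until a notAfter string such as 'Jun  1 12:00:00 2030 GMT'."""
    expiry = ssl.cert_time_to_seconds(not_after)  # seconds since epoch, UTC
    return (expiry - now.timestamp()) / 86400


def classify(days: float, warn_days: int = 30) -> str:
    """Map days remaining to a monitoring state."""
    if days <= 0:
        return "EXPIRED"
    return "RENEW" if days <= warn_days else "OK"


def check_ldaps(host: str, ca_file: str, port: int = 636, warn_days: int = 30) -> str:
    """Connect to the LDAPS port, validate against ca_file, and classify expiry."""
    # With cafile set, only that file is trusted (system CAs are not loaded).
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake itself.
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "EXPIRED"
        raise  # untrusted issuer, name mismatch, etc. need separate handling
    return classify(days_remaining(not_after, datetime.now(timezone.utc)), warn_days)


if __name__ == "__main__":
    # Hypothetical host name and CA bundle path; replace with your own values.
    print(check_ldaps("ldap.example.com", "/path/to/ldap-ca.pem"))
```

Run it on a schedule and alert on RENEW so that the new certificate can be issued and imported into the Common Services truststore before the old one expires.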

For details on how to set up a link with an Active Directory or LDAP server and details on users and user groups, see Configuring a link to an Active Directory or LDAP server.