Adding users using LDAP

Virtual Storage Platform One File Management Software Installation and Configuration Guide

Version
1.2.x
Part Number
MK-24VSP1F004-04

You can add users in the VSP One File management software using Keycloak by connecting to an LDAP server. The LDAP server contains user groups which are mapped and synchronized to a local LDAP user group in Keycloak.

Verify the following:

  • You are logged on to the VSP One File management software as the security administrator (secadmin) and have started Keycloak.
  • A local LDAP group has been created in Keycloak to receive the groups synchronized from the LDAP server.
  • You know the connection details of the LDAP provider, and a trusted certificate for the provider is registered in the System Administrator truststore as described in Uploading trusted certificates for LDAP providers.
  1. Navigate to Configure > User federation.
  2. In the User federation page, click Add LDAP providers.

    Screenshot showing the selection of Add LDAP providers from User federation menu in Keycloak
  3. In the Add LDAP provider page, complete the configuration to connect to the LDAP server, and then click Save. The configuration details are described in the Keycloak documentation.

    Make sure that you set the LDAP edit mode to READ_ONLY. This prevents Keycloak from writing user information such as the username or password back to the LDAP server; the directory remains the authoritative source.

    If the LDAP server has a large directory tree, do not import users into Keycloak locally. After Keycloak is connected to the LDAP server, you can search for users directly on the server without importing them.

  4. In the LDAP configuration, click the Mappers tab, and then click Add mapper.
    Screenshot showing the selection of the LDAP configuration
    Screenshot showing the selection of the Mappers tab in the LDAP configuration
  5. In the Create new mapper page, enter a mapper name, select group-ldap-mapper as the mapper type, complete the configuration that maps the LDAP server groups to Keycloak, and then click Save. The mapping details are described in the Keycloak documentation.
    Screenshot showing the selection of the group-ldap-mapper as mapper type in the LDAP configuration

    Make sure that the mapper's group path points to the local Keycloak group, so that the LDAP groups and their users appear inside the local group after synchronization.

  6. To synchronize the LDAP groups with the local LDAP group in Keycloak, open the Action list, and then click Sync LDAP groups to Keycloak.
    Keycloak notifies you when the synchronization between the LDAP server groups and the local LDAP group completes.
  7. Navigate to Manage > Groups.
  8. In the Groups page, click the local LDAP group.
  9. In the LDAP group details page, click a sub-group.
    Groups in the LDAP server become sub-groups when synchronized to the local LDAP group in Keycloak.
  10. In the sub-group details page, click the Role Mapping tab, and then assign a role to the sub-group.
    Users in the sub-group inherit the role assigned to the sub-group. The users can then log in to the VSP One File management software with their LDAP credentials.
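The procedure above, expressed as the component representations that the Keycloak console submits to the Admin REST API, together with a check for the caveats this page raises (READ_ONLY edit mode, no local import for large trees, the mapper path under the local group, and a TLS-protected connection). This is an added example, not code from VSP One File or Keycloak. The config key names follow Keycloak's Admin REST API component representation; the realm name, LDAP URL, DNs, group path, credentials and component IDs are assumed placeholders.

```python
"""Build and audit a Keycloak LDAP user-federation component and its group mapper.

Added example, not VSP One File or Keycloak code. Config keys follow the
Keycloak Admin REST API component representation; realm, LDAP URL, DNs,
local group path and credentials are assumed placeholders.
"""

REALM = "vsp-one-file"            # assumption: realm used by the management software
LOCAL_GROUP_PATH = "/ldap-users"  # assumption: local Keycloak group created for sync


def ldap_provider(connection_url, users_dn, bind_dn, bind_password,
                  edit_mode="READ_ONLY", import_users=False):
    """Component for Configure > User federation > Add LDAP provider."""
    return {
        "name": "corp-ldap",
        "providerId": "ldap",
        "providerType": "org.keycloak.storage.UserStorageProvider",
        "config": {
            "enabled": ["true"],
            "vendor": ["other"],
            "connectionUrl": [connection_url],
            "usersDn": [users_dn],
            "authType": ["simple"],
            "bindDn": [bind_dn],
            "bindCredential": [bind_password],
            "editMode": [edit_mode],                      # READ_ONLY: never write back to LDAP
            "importEnabled": ["true" if import_users else "false"],
            "useTruststoreSpi": ["always"],               # use the registered trusted certificate
            "usernameLDAPAttribute": ["uid"],
            "rdnLDAPAttribute": ["uid"],
            "uuidLDAPAttribute": ["entryUUID"],
            "userObjectClasses": ["inetOrgPerson, organizationalPerson"],
        },
    }


def group_mapper(parent_id, groups_dn, groups_path=LOCAL_GROUP_PATH):
    """Component for the group-ldap-mapper added under the Mappers tab."""
    return {
        "name": "ldap-groups",
        "providerId": "group-ldap-mapper",
        "providerType": "org.keycloak.storage.ldap.mappers.LDAPStorageMapper",
        "parentId": parent_id,
        "config": {
            "groups.dn": [groups_dn],
            "group.name.ldap.attribute": ["cn"],
            "group.object.classes": ["groupOfNames"],
            "membership.ldap.attribute": ["member"],
            "membership.attribute.type": ["DN"],
            "membership.user.ldap.attribute": ["uid"],
            "mode": ["READ_ONLY"],
            "groups.path": [groups_path],                 # LDAP groups become sub-groups here
            "preserve.group.inheritance": ["true"],
            "user.roles.retrieve.strategy": ["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"],
        },
    }


def sync_request(base_url, provider_id, mapper_id):
    """Admin REST call behind Action > Sync LDAP groups to Keycloak."""
    return ("POST", f"{base_url}/admin/realms/{REALM}/user-storage/{provider_id}"
                    f"/mappers/{mapper_id}/sync?direction=fedToKeycloak")


def audit(provider, mapper):
    """Return findings against this page's guidance; an empty list means compliant."""
    findings = []
    cfg = provider["config"]
    edit_mode = cfg.get("editMode", [""])[0]
    if edit_mode != "READ_ONLY":
        findings.append(f"editMode is {edit_mode!r}; set READ_ONLY so Keycloak cannot write to LDAP")
    if cfg.get("importEnabled", [""])[0] == "true":
        findings.append("importEnabled is true; disable it for large directory trees")
    url = cfg.get("connectionUrl", [""])[0]
    if url.startswith("ldap://") and cfg.get("startTls", ["false"])[0] != "true":
        findings.append("plaintext ldap:// without StartTLS; bind credentials cross the network in the clear")
    if cfg.get("useTruststoreSpi", [""])[0] == "never":
        findings.append("useTruststoreSpi is never; the registered trusted certificate is ignored")
    path = mapper["config"].get("groups.path", ["/"])[0]
    if not path.startswith(LOCAL_GROUP_PATH):
        findings.append(f"groups.path {path!r} is outside the local LDAP group {LOCAL_GROUP_PATH!r}")
    return findings


if __name__ == "__main__":
    good = ldap_provider("ldaps://ldap.example.com:636", "ou=people,dc=example,dc=com",
                         "cn=keycloak-bind,dc=example,dc=com", "bind-password")
    print(audit(good, group_mapper("provider-id", "ou=groups,dc=example,dc=com")))
    weak = ldap_provider("ldap://ldap.example.com:389", "ou=people,dc=example,dc=com",
                         "cn=keycloak-bind,dc=example,dc=com", "bind-password",
                         edit_mode="WRITABLE", import_users=True)
    for f in audit(weak, group_mapper("provider-id", "ou=groups,dc=example,dc=com", groups_path="/")):
        print("finding:", f)
```

The weak configuration is the one to avoid: WRITABLE edit mode lets a Keycloak compromise rewrite directory entries, importing every user copies a large tree into the Keycloak database, and a mapper path of "/" scatters the synchronized groups outside the local LDAP group where the role mapping in steps 7 to 10 is applied.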