Configuring LDAP Authentication

Note: Make sure the uid attribute is properly configured on the LDAP server for target group members. The attribute will be used as the login username of the system.

1. Log into the System Management page.

2. In the System Management page, click User Accounts > External Authentication.

3. Click Add LDAP Authentication. The Add LDAP Authentication Wizard opens to guide you through the steps to connect to the LDAP server and configure the tenant or domain access privileges for imported group users.

1) Enter a unique name to identify the LDAP server and a brief description.

2) Enter the credentials to connect to the LDAP server. See LDAP Server Settings for more details.

3) Click Show Group to find available user groups from the LDAP server. All matching groups are listed in the Groups pane.

4) Select one or more user groups to import, and then click Next.

Tip: Click Validate to verify whether the selected groups still exist on the LDAP server. Click the icon to remove an invalid group from the list.

5) Assign domain access and further privileges to the users in the selected groups, one group at a time.

Tenant Access — select one or more tenants to assign the access permissions to the users in the selected groups.

Tip: The accessible tenants can be modified on the Users tab after the users are synchronized.

Domain Access — select one or more domains under an accessible tenant to assign the domain access permissions to the users in the selected groups.

Role — click Assign Roles to assign more domain privileges to the users by role. See Share Policy for more details.

Tip: If none of the built-in roles satisfies your requirement, click Add Role to create one. See Adding a role for more details.

6) To apply the privilege settings to all existing users in the selected group, click Apply this setting to existing users. Click Yes in the Confirmation dialog box.

Tip: The privilege settings will also take effect on new users created under this group.

Tip: If a user belongs to multiple groups, privilege changes on the current group take effect on the user immediately, even though the user keeps the privileges granted through the other groups it belongs to.

7) Click Save to commit the settings.

8) In the pop-up dialog, enter the username and password of a user under the specified server address or user root and click Verify to authenticate the connection.

9) Click OK in the pop-up dialog box.

10) By default, the authentication configuration is enabled. To disable it, clear the Enable check box on the External Authentication tab.

4. Navigate to the Users tab and click Synchronize With LDAP/AD Server to immediately load the user accounts imported from the LDAP server. Alternatively, the user accounts are synchronized automatically after the first-time login.

Note: Synchronization is performed only for enabled authentication configurations.

Tip: If you add a new user to the selected group on the LDAP server after the synchronization, the user can immediately log into the specified domains with the assigned roles and privileges.

Note: If you delete any user accounts from the LDAP server, the changes will not be synchronized with the system automatically. You have to manually remove them from the system.

LDAP/AD Server Settings

The following fields are required when connecting to an LDAP/AD server.

Server Address — The hostname or IP address of the LDAP/AD server, followed by the search base. The search base is the starting point for the search in the LDAP directory or in the AD forest. Generally, the search base is set to the root node of the LDAP directory or the root domain of the entire AD forest. For example, 192.168.10.7/dc=test,dc=com.

Note: The search base must be at or above the OUs (Organizational Units) that the target user groups or users belong to, so that it contains them.

Note: If you want to connect to the LDAP/AD server by using its hostname, make sure the firewall on the machine is turned off.

Group Root — The OU that the target user groups are located in. For example, ou=G1.

User Root — The OU that the target users are located in. For example, ou=U1.

Connect Type — The security setting of the connection between the LDAP/AD server and NetBrain Web API Server: Regular or Secure (SSL). To enable SSL connections between the AD server and NetBrain Web API Server, see Using SSL on AD Server for more details.

Server Port — The port number used to listen for LDAP/AD requests and send responses.

Connect Username — The username to connect to the server.

Note: It is highly recommended to use the domain name/username format in the Connect Username field to avoid unexpected problems. For example, test/administrator.

Note: When more than 500 user groups are managed on the LDAP server, the username used to connect to the server must be the Manager. An example of the connect username: CN=Manager,dc=test,dc=com.

Connect Password — The password of the user to connect to the server. Click change password if you want to modify it. To restore the last password, click use last password.
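As an added example (not NetBrain's own code), the following Python script checks the settings above offline before they are entered in the wizard: it parses the Server Address field into host and search base, confirms that the Group Root and User Root lie under the search base (the hierarchy rule in the first note), flags a Regular connect type because the bind password then crosses the network in cleartext, and, using a constructed LDIF export of the directory, confirms that every member of the selected groups carries the uid attribute that the note at the top of this page says becomes the login username. Every field value, DN and LDIF entry here is a constructed assumption, not data from a real server.

```python
"""Offline pre-flight checks for LDAP/AD settings (added example, standard library only)."""
from typing import Dict, List, Tuple

# Constructed settings mirroring the fields in the list above; not real server values.
SETTINGS = {
    "server_address": "192.168.10.7/dc=test,dc=com",
    "group_root": "ou=G1",
    "user_root": "ou=U1",
    "connect_type": "Secure (SSL)",
    "server_port": 636,
    "connect_username": "CN=Manager,dc=test,dc=com",
}

# Constructed LDIF export of the subtree; 'bob' deliberately has no uid attribute.
SAMPLE_LDIF = """\
dn: cn=netops,ou=G1,dc=test,dc=com
objectClass: groupOfNames
cn: netops
member: uid=alice,ou=U1,dc=test,dc=com
member: cn=bob,ou=U1,dc=test,dc=com

dn: uid=alice,ou=U1,dc=test,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example

dn: cn=bob,ou=U1,dc=test,dc=com
objectClass: inetOrgPerson
cn: Bob Example
"""

# IANA-registered defaults for LDAP (389) and LDAPS (636).
DEFAULT_PORTS = {"regular": 389, "secure (ssl)": 636}


def parse_server_address(value: str) -> Tuple[str, str]:
    """Split the Server Address field ('<host>/<search base>') into host and base DN."""
    host, sep, base = value.partition("/")
    if not sep or not host.strip() or not base.strip():
        raise ValueError("expected <host>/<search base>, e.g. 192.168.10.7/dc=test,dc=com")
    return host.strip(), base.strip()


def normalize_dn(dn: str) -> List[str]:
    """Split a DN into RDN components, lower-cased and trimmed, for comparison."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]


def is_under(dn: str, base: str) -> bool:
    """True when dn equals base or sits beneath it (base is a suffix of dn's RDNs)."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def absolute_root(root: str, base: str) -> str:
    """Expand a relative OU root such as 'ou=G1' to a full DN under the search base.
    A root already under the base is kept; one outside it breaks the hierarchy rule."""
    if is_under(root, base):
        return root
    if any(p.startswith("dc=") for p in normalize_dn(root)):
        raise ValueError(f"{root} is outside the search base {base}")
    return f"{root},{base}"


def default_port(connect_type: str) -> int:
    """Standard port for the chosen connect type."""
    return DEFAULT_PORTS[connect_type.strip().lower()]


def parse_ldif(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse unfolded, plain-text LDIF (no base64 '::' values) into {dn: {attr: [values]}}."""
    entries: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            current = None  # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def members_missing_uid(entries: Dict[str, Dict[str, List[str]]], group_dn: str) -> List[str]:
    """Members of group_dn that have no uid attribute and so would get no login username."""
    group = entries.get(group_dn)
    if group is None:
        raise KeyError(f"group not found: {group_dn}")
    return [m for m in group.get("member", []) if not entries.get(m, {}).get("uid")]


def preflight(settings: dict, entries: Dict[str, Dict[str, List[str]]],
              selected_groups: List[str]) -> List[str]:
    """Run every check and return human-readable problems; an empty list means clean."""
    problems: List[str] = []
    _, base = parse_server_address(settings["server_address"])
    group_root = absolute_root(settings["group_root"], base)
    user_root = absolute_root(settings["user_root"], base)
    if settings["server_port"] != default_port(settings["connect_type"]):
        problems.append(f"port {settings['server_port']} is not the default for {settings['connect_type']}")
    if settings["connect_type"].strip().lower() == "regular":
        problems.append("Regular connect type sends the bind password in cleartext; prefer Secure (SSL)")
    for group_dn in selected_groups:
        if not is_under(group_dn, group_root):
            problems.append(f"{group_dn} is outside the group root {group_root}")
        for member_dn in entries.get(group_dn, {}).get("member", []):
            if not is_under(member_dn, user_root):
                problems.append(f"{member_dn} is outside the user root {user_root}")
        for member_dn in members_missing_uid(entries, group_dn):
            problems.append(f"{member_dn} has no uid attribute and cannot be given a login name")
    return problems


if __name__ == "__main__":
    for problem in preflight(SETTINGS, parse_ldif(SAMPLE_LDIF), ["cn=netops,ou=G1,dc=test,dc=com"]):
        print("PROBLEM:", problem)
```

Run against the constructed sample, the script reports exactly one problem: the member cn=bob has no uid attribute, which is the condition the note at the top of this page warns about. Replacing SAMPLE_LDIF with a real ldapsearch/LDIF export of the group and user OUs turns this into a quick check before the wizard's Verify step.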


See also:

Defining User Roles

Roles and Privileges