DataStax Help Center

Example: How to Configure OpsCenter with Active Directory LDAP using sAMAccountName for authentication

Summary

How can I configure OpsCenter with sAMAccountName as the login parameter? This was tested with Active Directory on Windows Server 2008 and 2012 and OpsCenter V5.2.4. It should work with OpsCenter 5.x.

LDAP Configuration Information

Groups and Roles

This example assumes that the groups for OpsCenter are located in the following DN:

  • OU=roles,dc=ldap,dc=datastax,dc=com
  • OU=roles is just an LDAP organizational unit that will contain OpsCenter groups. OpsCenter uses roles internally; OpsCenter roles are the equivalent of groups in LDAP.

Under the organizational unit OU=roles, we have inserted a group called admin with the following DN:

  • CN=admin,OU=roles,dc=ldap,dc=datastax,dc=com
  • This group will contain a user through the LDAP member attribute
  • member: CN=Guillaume Labelle,CN=Users,DC=ldap,DC=datastax,DC=com

The CN=admin group located in LDAP matches one of the security roles in OpsCenter.

LDAP User

This example also assumes that you have at least one user in the LDAP server that will be used for OpsCenter authentication. For this example we have the following user setup in LDAP:

  • User Container DN: CN=Users,DC=ldap,DC=datastax,DC=com
  • Full User DN: CN=Guillaume Labelle,CN=Users,DC=ldap,DC=datastax,DC=com, with the LDAP attribute memberOf set to CN=admin,OU=roles,DC=ldap,DC=datastax,DC=com
  • The login name will be Guillaume Labelle
  • CN=admin,OU=roles,DC=ldap,DC=datastax,DC=com is the LDAP group, and also the OpsCenter role, that the user belongs to.

OpsCenter Configuration

We have updated the opscenter.conf file located under .../opscenter/conf with the following values. Lines marked with <<<<--- need to be accurate; the marker itself is an annotation, not part of the value.

[authentication]

enabled = True

authentication_method = LDAP

[ldap]

server_host = <ENTER LDAP SERVER IP/Hostname Here>

server_port = <ENTER LDAP SERVER PORT Here>

search_dn = <ENTER the full DN of the user that will manage your LDAP interaction>

search_password = *******

uri_scheme = ldap <<<<---

user_search_base = cn=users,dc=ldap,dc=datastax,dc=com <<<<---

user_search_filter = (sAMAccountName={0}) <<<<---

group_search_filter_with_dn = (member={0}) <<<<---

group_search_base = ou=roles,dc=ldap,dc=datastax,dc=com <<<<---

group_name_attribute = cn <<<<---

admin_group_name = admin <<<<---

group_search_type = directory_search <<<<---
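
How the [ldap] settings above fit together at login, as an added Python example that is not OpsCenter code and not part of the original article: the typed login fills user_search_filter to find the user's DN, and that DN fills group_search_filter_with_dn to find the groups whose cn becomes the role. The in-memory directory, the helper names and the lookup order are assumptions modelled on the setting names and on this article's sample user (sAMAccountName glabelle).

```python
# Added illustration, not OpsCenter code. DIRECTORY is a constructed stand-in
# for Active Directory built from the DNs used in this article.
import configparser
import re

CONF = """
[ldap]
user_search_base = cn=users,dc=ldap,dc=datastax,dc=com
user_search_filter = (sAMAccountName={0})
group_search_filter_with_dn = (member={0})
group_search_base = ou=roles,dc=ldap,dc=datastax,dc=com
group_name_attribute = cn
admin_group_name = admin
"""
USER_DN = "CN=Guillaume Labelle,CN=Users,DC=ldap,DC=datastax,DC=com"
DIRECTORY = {  # DN -> attributes (constructed sample data)
    USER_DN: {"sAMAccountName": ["glabelle"]},
    "CN=admin,OU=roles,DC=ldap,DC=datastax,DC=com":
        {"cn": ["admin"], "member": [USER_DN]},
}
_parser = configparser.ConfigParser()
_parser.read_string(CONF)
LDAP = _parser["ldap"]

def escape_filter_value(value):
    """RFC 4515 escaping, so a typed login name cannot change the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def search(base, ldap_filter):
    """Toy subtree search: one case-insensitive (attr=value) equality filter."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    wanted = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base.lower())
            and wanted.lower() in (v.lower() for v in attrs.get(attr, []))]

def resolve_roles(login):
    """Return (user DN, role names) for a login, or (None, []) if not found."""
    user_filter = LDAP["user_search_filter"].format(escape_filter_value(login))
    users = search(LDAP["user_search_base"], user_filter)
    if len(users) != 1:  # unknown or ambiguous login: no roles
        return None, []
    group_filter = LDAP["group_search_filter_with_dn"].format(
        escape_filter_value(users[0]))
    groups = search(LDAP["group_search_base"], group_filter)
    return users[0], [DIRECTORY[g][LDAP["group_name_attribute"]][0] for g in groups]

def is_admin(login):
    """True when one of the resolved roles equals admin_group_name."""
    return LDAP["admin_group_name"] in resolve_roles(login)[1]
```
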

Next Step

  • Restart OpsCenter
  • Log in using the UID that is a member of the admin group; in this example it would be glabelle