Administration > Login Services

Login Services settings page

On the Login Services page, you can configure an LDAP or Active Directory (AD) server to supply usernames and groups for authorizing access to the Avere Control Panel.

Note

This page only configures directory services for the cluster login (Avere Control Panel). This system is not used to authenticate client requests (see the Cluster > Directory Services settings page to configure client access).

There are multiple steps to configuring LDAP/AD-based login services:

  1. Use the LDAP section on this page to specify one or more LDAP or AD servers

  2. Use the Login section to choose LDAP as the user source

  3. Create an AvereAdmins group in your directory services system, as described below.

  4. To enable secure access, you must also do the following:

    • Click the Secure access checkbox on this page.

    • Open ports 636 and 389 to the LDAP service.

      Port 636 is used for secure LDAP (over SSL, also known as LDAPS). Port 389 is used for STARTTLS access, which is used to authenticate the Avere cluster using the standard LDAP port in order to establish the LDAPS.

The Avere Admins Group

Avere OS recognizes users in a group named AvereAdmins as having configuration privileges for the cluster. Users in the AvereAdmins group automatically have full access privileges to the Avere Control Panel and command-line interface:

  • AvereAdmins users have full access privileges on the Avere Control Panel - they can both monitor and configure the cluster from the web interface.
  • Users in the AvereAdmins group can make XML-RPC calls to configure the cluster from a remote system.

You can set up this group on your AD or LDAP server. Follow the standard procedure for creating user groups on your AD or LDAP system, but be careful to use the correct syntax to specify group members for your system, as explained in the note below.

Note

Depending on which system you use, the syntax for specifying group members is different.

  • For an AD server, use the member attribute to specify group members.
  • For a non-AD server with an RFC2307 schema, you must use the attribute memberUid.

If you use the incorrect schema to encode group members, the members might not be recognized by the Avere system.

Specifying the Server

Use the LDAP section of the Login Services page to specify the servers to use for authenticating users logging in to the cluster. Fill in the directory service information as required.

LDAP Server
Enter the IP address or fully qualified domain names for up to three LDAP or AD servers. Separate multiple entries with spaces.
LDAP base DN
Enter the base name of the LDAP domain.
Secure access

Check this box if you want the system to encrypt all LDAP connections.

When you check the Secure access box, additional security options appear:

  • Require valid certificate checkbox - Uncheck this box if you use self-signed certificates.
  • CA certificate URI field - If using a certificate authority, you must specify the resource identifier for downloading a signed certificate in this field. Click Download Now to test the URI by retrieving the certificate. Otherwise, the system will attempt to download the certificate when you click Submit.

In addition to the information on this page, you must make sure that ports 636 and 389 are open to the LDAP service, as mentioned in the first section of this document.

Bind DN and Bind password
Name and password to transmit for secure LDAP connections

Specifying the Login Username Sources

Use the drop-down selector in the Login section of the page to choose the source for login names.

Choosing the source of login names

Choose Local to use only the individual accounts set up on the Administration > Users page, or Local/LDAP to use both the individual accounts and the LDAP or AD servers configured on this page.

You cannot unselect the Local option (that is, you cannot manage logins exclusively from a directory server); the Avere Control Panel always must have a locally defined administrator account.

updated 2017-11-15