NetApp Knowledge Base

How to configure System Manager for authentication using domain user or group

Category:
ontap-system-manager
Specialty:
om

Applies to

Description

  • Active Directory users and groups can be used to authenticate into ONTAP System Manager.
  • When configuring a group, members of the group will be allowed to authenticate without having to create an entry for each group member.

Procedure

Prerequisites:
  • The cluster admin vserver must have a configured domain tunnel or LDAP client prior to adding users.

  • Review the domain tunnels and LDAP clients documentation for more information on how to configure them.

Steps:
  • To add a System Manager user for AD or LDAP authentication from within the System Manager UI

    1. In System Manager, navigate to Cluster > Settings, then click the [icon] in the Users and Roles tile
    2. Click the [icon] button
    3. Select System Manager as TARGET PRODUCT, HTTP as APPLICATION, and either Active Directory Domain (for AD) or Name Server Switch (for LDAP) as AUTHENTICATION method
  • To add a System Manager user for AD or LDAP authentication via ONTAP command line

    The following example shows an entry created with the security login create command. It allows users to authenticate if they are members of the "test_group" LDAP group within the "ocdomain" domain, using the nsswitch (LDAP) authentication method.

    cluster1::> security login show  -user-or-group-name ocdomain\*
    Vserver: cluster1
                                                                     Second
    User/Group                 Authentication                 Acct   Authentication
    Name           Application Method        Role Name        Locked Method
    -------------- ----------- ------------- ---------------- ------ --------------
    ocdomain\test_group   http        nsswitch        admin            -      none

    1 entries were displayed.

    Figure 1: Login to System Manager via domain\username

    1. Use the security login create command to create a login method for the management utility

    • Specify the http application type (for Web service requests)
    • Set the authentication method to "domain" for AD, or "nsswitch" for LDAP
    • Example: security login create -user-or-group-name ocdomain\test_group -application http -authentication-method nsswitch -role admin -vserver admin_vserver

 

  • Validate the configured domain or LDAP users and groups:
    • Via CLI:
      • Run the security login show command to view the output
    • Via System Manager:
      1. Log in to System Manager using an admin account
      2. To view the user or group entries in the UI, navigate to Cluster > Settings, and then in the Security section, click the [icon] in the Users and Roles tile

      Figure 2: Settings > Users
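
The security login show output from the CLI validation step can also be reviewed by script. The following added example (not NetApp code) parses that output and lists the http entries where AD or LDAP group membership grants the admin role. Every sample row except ocdomain\test_group on http is constructed, and the helper names parse_logins and directory_admins are hypothetical.

```python
import re

# Constructed sample of `security login show` output. The ocdomain\test_group
# http row is from the article; the other rows are invented for illustration.
SAMPLE = r"""
Vserver: cluster1
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin          http        password      admin            no     none
ocdomain\test_group   http        nsswitch        admin            -      none
ocdomain\Storage Ops  http        domain          readonly         -      none
ocdomain\test_group   ssh         nsswitch        admin            -      none

4 entries were displayed.
"""

EXTERNAL_METHODS = {"domain", "nsswitch"}  # AD and LDAP methods named in the article
FIELDS = ("application", "method", "role", "locked", "second_method")

def parse_logins(text):
    """Return one dict per table row, tagged with the Vserver it belongs to."""
    entries, vserver, in_table = [], None, False
    for line in text.splitlines():
        header = re.match(r"\s*Vserver:\s*(\S+)", line)
        if header:
            vserver, in_table = header.group(1), False
        elif re.match(r"\s*-{3,}", line):
            in_table = True   # the dashed rule precedes the data rows
        elif not line.strip():
            in_table = False  # a blank line ends the table
        elif in_table:
            parts = line.split()
            if len(parts) < 6:
                continue      # wrapped or malformed row: skipped (assumption)
            # Assumes the last five columns are single tokens; the name is the rest.
            entries.append(dict(zip(FIELDS, parts[-5:]), vserver=vserver,
                                name=" ".join(parts[:-5])))
    return entries

def directory_admins(entries):
    """http (System Manager) entries where AD/LDAP membership grants admin."""
    return [e for e in entries if e["application"] == "http"
            and e["method"] in EXTERNAL_METHODS and e["role"] == "admin"]

if __name__ == "__main__":
    for e in directory_admins(parse_logins(SAMPLE)):
        print(f'{e["vserver"]}: {e["name"]} -> admin via {e["method"]}')
```

Because a group entry admits every member without a per-user entry, each row this reports is one where membership of the directory group decides who holds the admin role in System Manager.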

 

 
