Creating a role for an LDAP user

Each LDAP role assigned to a user must also exist as a role in OpsCenter. Create a parallel role in OpsCenter with the same name as the user's LDAP role, and assign it the permissions that role should have in OpsCenter.

When an LDAP user is assigned an LDAP role, a role with exactly the same name must also exist in OpsCenter; otherwise the user cannot log in to OpsCenter. Create a parallel role in OpsCenter whose name matches the LDAP role assigned to the user. The User Search Filter (search_dn) must identify only a single role in LDAP, and that role must match the user's role in OpsCenter. An LDAP user can belong to multiple LDAP roles, but the User Search Filter you specify must narrow the result to a single role; a filter that returns several roles, or a role name that does not exist in OpsCenter, results in a failed login.

When LDAP is enabled, only role editing is supported in OpsCenter role-based security: creating or editing users is disabled, because users originate in LDAP and are managed there. Role names created or edited in OpsCenter can contain non-ASCII characters. Because LDAP supports non-ASCII character sets for user names, OpsCenter also accepts non-ASCII user names when users log in.
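The following pre-flight check is an added example and is not OpsCenter code. It simulates the lookup described above against a constructed directory fragment: substitute the user's DN into a group search filter, collect the LDAP groups that match, and require exactly one whose name also exists among the OpsCenter roles. The filter template `(uniqueMember={0})`, the use of `cn` as the role-name attribute, the directory entries and the OpsCenter role list are all assumptions made for illustration; real deployments take these from opscenterd.conf and the directory. The check also treats the name comparison as exact and separately flags names that differ only in Unicode normalization (an NFC name in LDAP versus an NFD name typed into OpsCenter), which is an assumption about how OpsCenter compares non-ASCII role names and a pitfall worth catching before users report failed logins.

```python
"""Pre-flight check: does an LDAP user's group resolve to exactly one OpsCenter role?

Added illustration, not OpsCenter's own code. Filter template, attribute names,
directory entries and the OpsCenter role list below are constructed assumptions.
"""
import re
import unicodedata

# Constructed directory fragment: group entries with their attributes.
LDAP_GROUPS = [
    {"dn": "cn=opscenter-admins,ou=groups,dc=example,dc=com",
     "cn": ["opscenter-admins"],
     "uniqueMember": ["uid=alice,ou=people,dc=example,dc=com"]},
    {"dn": "cn=Operat\u00f6rer,ou=groups,dc=example,dc=com",
     "cn": ["Operat\u00f6rer"],  # non-ASCII role name, NFC form (precomposed o-umlaut)
     "uniqueMember": ["uid=bob,ou=people,dc=example,dc=com",
                      "uid=carol,ou=people,dc=example,dc=com"]},
    {"dn": "cn=readonly,ou=groups,dc=example,dc=com",
     "cn": ["readonly"],
     "uniqueMember": ["uid=carol,ou=people,dc=example,dc=com"]},
]

# Constructed list of roles that exist in OpsCenter (Settings > Roles).
# The second name was typed in NFD form (o + combining diaeresis), so it
# does not compare equal to the NFC name stored in LDAP.
OPSCENTER_ROLES = {"opscenter-admins", unicodedata.normalize("NFD", "Operat\u00f6rer")}

# Only simple equality filters such as "(uniqueMember={0})" are supported here.
_EQUALITY_FILTER = re.compile(r"^\(([A-Za-z][\w-]*)=(.+)\)$")


def _filter_matches(entry, filter_template, user_dn):
    """Return True if the filter, with the user's DN substituted, selects this entry."""
    match = _EQUALITY_FILTER.match(filter_template.format(user_dn))
    if not match:
        raise ValueError(f"unsupported filter for this illustration: {filter_template}")
    attr, value = match.group(1).lower(), match.group(2)
    for key, values in entry.items():
        if key.lower() == attr:
            # Attribute names and DN values are matched case-insensitively,
            # as directory servers do for DN-valued attributes.
            return any(v.lower() == value.lower() for v in values)
    return False


def ldap_roles_for(user_dn, filter_template, name_attr="cn", groups=LDAP_GROUPS):
    """Names of all groups the filter returns for this user (what the LDAP lookup yields)."""
    return [g[name_attr][0] for g in groups if _filter_matches(g, filter_template, user_dn)]


def check_login(user_dn, filter_template, opscenter_roles=OPSCENTER_ROLES):
    """Diagnose whether the user would pass the role mapping, and why not if not.

    Returns (status, roles_found). Status "ok" means exactly one LDAP role was
    found and a role of the same name exists in OpsCenter.
    """
    roles = ldap_roles_for(user_dn, filter_template)
    if not roles:
        return ("no_ldap_role", roles)
    if len(roles) > 1:
        # The filter must narrow the result to a single role.
        return ("multiple_ldap_roles", roles)
    role = roles[0]
    if role in opscenter_roles:
        return ("ok", roles)
    # Same visible name but different code points: fix the role name, not the filter.
    normalized = {unicodedata.normalize("NFC", r) for r in opscenter_roles}
    if unicodedata.normalize("NFC", role) in normalized:
        return ("role_differs_in_unicode_normalization", roles)
    return ("role_missing_in_opscenter", roles)


if __name__ == "__main__":
    for uid in ("alice", "bob", "carol", "dave"):
        dn = f"uid={uid},ou=people,dc=example,dc=com"
        print(uid, check_login(dn, "(uniqueMember={0})"))
```

Run as written, the script reports alice as ok, bob as a normalization mismatch, carol as matching two roles (the filter is too broad for her), and dave as having no role at all. Against a real directory the same three questions are what to verify with an ldapsearch using the configured filter before enabling LDAP for a user.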

Only an OpsCenter admin can create roles.

Prerequisites

Configure the admin role with the admin_group_name configuration option, then log in as a user who holds that role so that you can create any additional roles you need.

Procedure

  1. Click Settings > Roles.
    The Manage Roles dialog appears.
  2. Click Create Role.
  3. Select the cluster.
  4. Enter a role name.
  5. Select the appropriate permissions and click Save.