Adding a role for an LDAP user

About this task

When an LDAP user has been assigned LDAP groups, at least one of those groups must map to a role in OpsCenter. Otherwise, the user cannot log in to OpsCenter.

Add a parallel role in OpsCenter that mirrors the name of one of the LDAP groups assigned to a user. OpsCenter grants the matching role to the user.

If a user’s LDAP groups map to more than one role in OpsCenter, the user is granted each of those roles, and the user’s resulting OpsCenter permissions are the merged permissions of all of those roles.

The group_search_type property indicates which method is used to determine LDAP group membership:

  • If using directory_search, the group_search_filter_with_dn must return a list of LDAP roles that matches at least one of the OpsCenter roles.

  • If using memberof_search, the list of LDAP roles from the user’s memberof attribute must match at least one of the OpsCenter roles.

When LDAP is enabled, only role editing is supported in OpsCenter role-based security. Creating or editing users is disabled when LDAP is enabled because the users originate from LDAP and are managed therein. When creating or editing user roles, OpsCenter LDAP supports non-ASCII character sets for the role name. Because LDAP supports non-ASCII character sets for users, OpsCenter also supports non-ASCII character sets for users logging in to OpsCenter.

Only an OpsCenter admin can add roles.
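
The following is an added example, not DataStax code: a Python audit of the group-to-role matching described above, run before roles are changed. It assumes role names are compared exactly and that merging is a set union. The users, groups, role names, and permission names are constructed sample data.

```python
import unicodedata

# Constructed sample data: OpsCenter roles (permission names are hypothetical).
ROLES = {
    "cassandra-ops": {"view_cluster", "restart_node"},
    "backup-admins": {"view_cluster", "run_backup"},
    "op\u00e9rateurs": {"view_cluster"},  # non-ASCII role name, composed (NFC) form
}
# Constructed sample data: group names LDAP returns for each user.
USERS = {
    "alice": ["cassandra-ops", "backup-admins", "vpn-users"],
    "bob": ["vpn-users"],
    "carol": ["Backup-Admins"],     # differs from the role only by case
    "dave": ["ope\u0301rateurs"],   # same visible name, decomposed (NFD) form
}

def _fold(name):
    # Normalize Unicode form and case so visually identical names compare equal.
    return unicodedata.normalize("NFC", name).casefold()

def matched_roles(groups, roles):
    # Assumption: a group grants a role only when the names are identical.
    return sorted(set(groups) & set(roles))

def effective_permissions(groups, roles):
    """Merged permissions of every matched role; None means login is refused."""
    matched = matched_roles(groups, roles)
    if not matched:
        return None
    return set().union(*(roles[name] for name in matched))

def audit(users, roles):
    """Find users who cannot log in, users holding several roles, and
    group names that miss a role only by case or Unicode normalization."""
    folded = {_fold(role): role for role in roles}
    report = {"locked_out": [], "multi_role": {}, "near_miss": []}
    for user, groups in sorted(users.items()):
        hits = matched_roles(groups, roles)
        if not hits:
            report["locked_out"].append(user)
        elif len(hits) > 1:
            report["multi_role"][user] = hits  # review the merged permissions
        for group in groups:
            role = folded.get(_fold(group))
            if role is not None and role != group:
                report["near_miss"].append((user, group, role))
    return report

if __name__ == "__main__":
    print(audit(USERS, ROLES))
```

A near_miss entry usually means the role name was typed differently from the LDAP group name. A multi_role entry marks a user whose merged permissions should be checked against least privilege.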

Prerequisites

Locate the opscenterd.conf configuration file. The location of this file depends on the type of installation:

  • Package installations: /etc/opscenter/opscenterd.conf

  • Tarball installations: install_location/conf/opscenterd.conf

Configure the admin role in opscenterd.conf by setting the admin_group_name configuration option. Then, log in to OpsCenter as a user mapped to that role so that you can add any needed roles.

Procedure

  1. Click Settings > Roles.

    The Manage Roles dialog appears.

  2. Click Add Role.

  3. Select the cluster.

  4. Enter a role name.

  5. Select the appropriate permissions and click Save.


© 2024 DataStax | Privacy policy | Terms of use
