Option

Description

passwd_db

Contains the required OpsCenter user role information.

enabled

Set to True to enable LDAP authentication.

authentication_method

Set to LDAP, regardless if configuring Active Directory.

server_host

The host name of the LDAP server.

server_port

The port on which the LDAP server listens. For example, 389 or 636. * 389 is the default port for non-SSL LDAP and AD. * 636 is the default port for SSL LDAP and AD. For more information about ports, see OpsCenter ports.

hostname_verification

uri_scheme

In LDAPv2 environments, TLS is normally started using the LDAP Secure URI scheme instead of the normal LDAP URI scheme. OpenLDAP command line tools allow either scheme to be used with the -H flag and with the URI ldap.conf(5) option. Defaults to ldaps for ldap_security = None; defaults to ldaps for ldap_security = SSL or TLS.

search_dn

search_password

The password of the search_dn user.

user_search_base

The search base for your domain, used to look up users. Set the ou and dc elements for your LDAP domain. For example, this can be set to ou=users,dc=domain,dc=top level domain. More specifically: ou=users,dc=example,dc=com. Active Directory uses a different user search base. For example: CN=search,CN=Users,DC=Active Directory domain name,DC=internal. More specifically: CN=search,CN=Users,DC=example-sales,DC=internal.

user_search_filter

group_search_base

The LDAP search base used to find a group. Example: ou=groups,dc=qaldap,dc=datastax,dc=lan

group_search_filter

group_search_filter_with_dn

The LDAP search filter that is used to find a user’s group. Uses the full user’s 'DN' from a user search. Overrides the deprecated group_search_filter. Example: (member={0}).

group_name_attribute

The LDAP field name used to identify a group’s name. For example: cn.

admin_group_name

The name of the admin group or a comma-separated list of admin group names; for example: admin, superusers. OpsCenter automatically creates the roles with admin permissions for the roles provided in the admin_group_name list. Escape any restricted LDAP characters. If your group name contains restricted LDAP characters such as "," a comma, you must escape them. For example, two admin groups "foo , bar" and "baz" should be entered as: foo \, bar, baz

user_memberof_attribute

Set to the attribute on the user entry containing group membership information. Set this option when using a memberof_search for the group_search_type.

OpsCenter allows for an alternate method of determining a user’s role. When using memberof_search, rather than doing a directory search in LDAP for any roles that match the user, only the user is inspected. You can specify which attribute for a user is inspected. For example, you can define a user with a new attribute such as opscenter_role and populate it with the user’s role in OpsCenter. Specify the value of the new attribute so that OpsCenter can inspect the user attribute.

group_search_type

user_memberof_stores_dn

ldap_security

The type of security to use with LDAP: None, TLS, or SSL. When set to TLS, uses TLS start. Setting this option to TLS or SSL sets the uri_scheme to LDAPS. Setting this option to None sets the uri_scheme to LDAP.

truststore

Path to the truststore for SSL certificates.

truststore_type

Type of the truststore. Default: JKS (Java Keystore).

truststore_pass

The password to access the truststore.

enforce_single_user_search_result

Returns an error when multiple entries are returned from a user search after all applicable referrals are followed. Set to False if the user_search_base is not confined to one Organizational Unit (OU). Default: True.

connection_timeout

The number of seconds to wait before concluding that the LDAP server is down. Default: 20 seconds.