Adding a role for an LDAP user
For an LDAP user to log in, a role must exist in OpsCenter whose name matches one of that user's LDAP groups. Add a parallel role in OpsCenter that mirrors the name of one of the user's LDAP groups; the permissions the user receives in OpsCenter are the ones you assign to that role, not anything defined in LDAP.
When an LDAP user has been assigned LDAP groups, at least one of those groups must map to a role in OpsCenter. Otherwise, the user cannot log in to OpsCenter.
Add a parallel role in OpsCenter that mirrors the name of one of the LDAP groups assigned to a user. OpsCenter grants the matching role to the user.
If a user's LDAP groups map to more than one role in OpsCenter, the user is granted each of the matching roles, and the resulting OpsCenter permissions are the union of the permissions of all of those roles. Check this union before adding a role: a user who belongs to several groups gets the most permissive combination, not the least.
- If using directory_search, the group_search_filter_with_dn must return a list of LDAP groups whose names match at least one of the OpsCenter roles.
- If using memberof_search, the list of LDAP groups from the user's memberof attribute must match at least one of the OpsCenter roles.
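The group-to-role matching described above, as an added example that is not part of the original page or of OpsCenter's own code. It models both lookup paths: memberof_search, where the group DNs come from the user's memberof attribute and the group name must be extracted from the DN, and directory_search, where the filter returns group entries and the name is read from an attribute. The role names, permission names, the use of cn as the group-name attribute, and exact case-sensitive matching are all assumptions made for illustration; the sample data is constructed.

```python
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample: OpsCenter roles and their permission sets.
# Role and permission names are hypothetical; one role name is non-ASCII
# because OpsCenter supports non-ASCII role names.
OPSCENTER_ROLES: Dict[str, Set[str]] = {
    "ops-admins": {"view_cluster", "manage_alerts", "manage_roles", "run_repairs"},
    "ops-readers": {"view_cluster"},
    "ops-repairers": {"view_cluster", "run_repairs"},
    "équipe-ops": {"view_cluster", "manage_alerts"},
}


def group_name_from_dn(dn: str, name_attribute: str = "cn") -> Optional[str]:
    """Return the value of the first RDN whose attribute is name_attribute.

    cn=ops-admins,ou=groups,dc=example,dc=com -> "ops-admins".
    Backslash-escaped commas (RFC 4514) are unescaped, so a group whose
    name contains a comma is not split into two RDNs.
    """
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
            i += 1
            continue
        current.append(ch)
        i += 1
    rdns.append("".join(current))
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().lower() == name_attribute.lower():
            return value.strip()
    return None


def groups_from_memberof(memberof_values: Iterable[str],
                         name_attribute: str = "cn") -> List[str]:
    """memberof_search path: the user's memberof attribute holds group DNs."""
    names = []
    for dn in memberof_values:
        name = group_name_from_dn(dn, name_attribute)
        if name is not None:
            names.append(name)
    return names


def groups_from_directory_search(entries: Iterable[Dict[str, List[str]]],
                                 name_attribute: str = "cn") -> List[str]:
    """directory_search path: the group filter returns group entries; read
    the group name from name_attribute on each entry (first value wins)."""
    names = []
    for entry in entries:
        values = entry.get(name_attribute) or []
        if values:
            names.append(values[0])
    return names


def resolve_roles(ldap_groups: Iterable[str],
                  roles: Dict[str, Set[str]] = OPSCENTER_ROLES) -> List[str]:
    """Every LDAP group whose name exactly matches an OpsCenter role name
    grants that role (exact, case-sensitive match is an assumption)."""
    return sorted(g for g in set(ldap_groups) if g in roles)


def effective_permissions(ldap_groups: Iterable[str],
                          roles: Dict[str, Set[str]] = OPSCENTER_ROLES) -> Set[str]:
    """Union of the permissions of all matched roles: the most permissive
    combination, which is what a reviewer should check before adding a role."""
    perms: Set[str] = set()
    for role in resolve_roles(ldap_groups, roles):
        perms |= roles[role]
    return perms


def can_log_in(ldap_groups: Iterable[str],
               roles: Dict[str, Set[str]] = OPSCENTER_ROLES) -> bool:
    """No matching role means the login is refused."""
    return bool(resolve_roles(ldap_groups, roles))


if __name__ == "__main__":
    # Constructed memberof values for one user.
    memberof = [
        "cn=ops-readers,ou=groups,dc=example,dc=com",
        "cn=ops-repairers,ou=groups,dc=example,dc=com",
        "cn=payroll,ou=groups,dc=example,dc=com",  # no OpsCenter role: ignored
    ]
    groups = groups_from_memberof(memberof)
    print("roles:", resolve_roles(groups))
    print("permissions:", sorted(effective_permissions(groups)))
    print("login allowed:", can_log_in(groups))
    print("login allowed (no matching group):", can_log_in(["payroll"]))
```

The "payroll" group in the sample is deliberately left unmapped to show that unmatched groups are simply ignored; only a user with no matching group at all is refused.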
When LDAP is enabled, only role editing is supported in OpsCenter role-based security. Creating or editing users is disabled when LDAP is enabled because the users originate from LDAP and are managed therein. When creating or editing user roles, OpsCenter LDAP supports non-ASCII character sets for the role name. Because LDAP supports non-ASCII character sets for users, OpsCenter also supports non-ASCII character sets for users logging in to OpsCenter.
opscenterd.conf
The location of the opscenterd.conf file depends on the type of installation:
- Package installations: /etc/opscenter/opscenterd.conf
- Tarball installations: install_location/conf/opscenterd.conf
Prerequisites
Procedure
- Click . The Manage Roles dialog appears.
- Click Add Role.
- Select the cluster.
- Enter a role name.
- Select the appropriate permissions and click Save.