Adding an LDAP server

You must add an LDAP server to create IBM Storage® Protect Plus user accounts by using an LDAP group. These accounts allow users to access IBM Storage Protect Plus by using LDAP user names and passwords. Only one LDAP server can be associated with an instance of the IBM Storage Protect Plus virtual appliance.

About this task

You can add a Microsoft Active Directory or OpenLDAP server. Note that OpenLDAP does not support the sAMAccountName user filter that is commonly used with Active Directory. Additionally, the memberOf overlay must be enabled on the OpenLDAP server so that group membership can be resolved.

Procedure

To register an LDAP server, complete the following steps:

  1. In the navigation panel, click System Configuration > LDAP/SMTP Server.
  2. In the LDAP Servers pane, click Add LDAP Server.
  3. Populate the following fields in the LDAP Servers pane:
    Host Address

    The IP address of the host or logical name of the LDAP server.

    Port

    The port on which the LDAP server is listening. The typical default port is 389 for non-TLS connections or 636 for TLS connections.

    TLS

    Enable the TLS option to establish a secure connection to the LDAP server.

    Use existing user

    Enable to select a previously entered user name and password for the LDAP server.
    Bind Name

    The bind distinguished name that is used for authenticating the connection to the LDAP server. IBM Storage Protect Plus supports simple bind.

    Password

    The password that is associated with the Bind Distinguished Name.

    Base DN

    The location where users and groups can be found.

    User Filter

    A filter to select only those users in the Base DN that match certain criteria. An example of a valid default user filter is cn={0}.

    Tips:
    • To enable authentication by using the sAMAccountName Windows user naming attribute, set the filter to samaccountname={0}. When this filter is set, users log in to IBM Storage Protect Plus by using only a user name. A domain is not included.
    • To enable authentication by using the user principal name (UPN) naming attribute, set the filter to userprincipalname={0}. When this filter is set, users log in to IBM Storage Protect Plus by using the username@domain format.
    • To enable authentication by using an email address that is associated with LDAP, set the filter to mail={0}.

    The User Filter setting also controls the type of user name that appears in the IBM Storage Protect Plus display of users.

    User RDN

    The relative distinguished name (RDN) for the user. Specify the path, relative to the Base DN, where user records can be found. An example of a valid default RDN is cn=Users.

    Group RDN

    The relative distinguished name (RDN) for the group. If the group is at a different level than the user path, specify the path, relative to the Base DN, where group records can be found.

  4. Click Save.
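As an added illustration of how the fields above fit together (example code, not IBM's), the model below assumes the appliance replaces {0} in the User Filter with the login name and searches beneath the User RDN joined to the Base DN; it shows why that substituted value must be escaped per RFC 4515, and flags the settings worth questioning before you click Save.

```python
from dataclasses import dataclass

# RFC 4515: these characters in a filter assertion value must be escaped,
# otherwise a login name such as "*)(objectClass=*" rewrites the filter.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before it is placed in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

@dataclass
class LdapServerEntry:
    host: str
    port: int
    tls: bool
    bind_name: str
    base_dn: str
    user_filter: str = "cn={0}"   # default filter shown in the procedure
    user_rdn: str = "cn=Users"    # default RDN shown in the procedure

    def search_base(self) -> str:
        """Assumed: User RDN prefixed to Base DN gives the user search base."""
        return f"{self.user_rdn},{self.base_dn}" if self.user_rdn else self.base_dn

    def user_search_filter(self, login: str) -> str:
        """Fill the {0} placeholder with the escaped login name."""
        return self.user_filter.replace("{0}", escape_filter_value(login))

    def expected_login_form(self) -> str:
        """Which form of name users type, per the User Filter tips above."""
        attr = self.user_filter.split("=", 1)[0].lower()
        return {"samaccountname": "user name only, no domain",
                "userprincipalname": "username@domain",
                "mail": "email address"}.get(attr, f"value of the {attr} attribute")

    def warnings(self) -> list[str]:
        """Settings to question before clicking Save."""
        found = []
        if not self.tls:
            found.append("TLS disabled: simple bind sends the bind password in cleartext")
        if "{0}" not in self.user_filter:
            found.append("User Filter has no {0} placeholder, so the login name is ignored")
        return found
```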

Results

IBM Storage Protect Plus completes the following actions:
  1. Confirms that a network connection to the LDAP server can be established.
  2. Adds the LDAP server to the database.

After the LDAP server is added, the Add LDAP Server button is no longer available, because only one LDAP server can be associated with the appliance.

What to do next

If a message is returned indicating that the connection is unsuccessful, review your entries. If your entries are correct and the connection is still unsuccessful, contact a network administrator to review the network connection to the LDAP server.