Creating and using domain-specific LDAP users
You can create OpenLDAP users and groups that are specific to different network domains. Use these LDAP users to access the Resource types that belong to those domains. You can either use your own LDAP server and the configured users or use the built-in OpenLDAP by specifying the LDAP credentials (username and password) to log in to Telco Network Cloud Manager - Performance.
Steps to create and use domain-specific LDAP users:
Create LDAP users
Follow these steps to create built-in OpenLDAP users from Telco Network Cloud Manager - Performance system:
- Log in to your cloud platform web console.
- Make sure you are in tncp project or namespace.
- Click .
- Click SecurityPod and access the terminal.
- Create LDAP users as needed. Follow the commands to create <userA>, <userB>, and <userC>:
echo "dn: cn=<userA>,ou=people,dc=customer,dc=com
objectclass: inetOrgPerson
cn: <userA>
sn: <userA>
uid: <userA>
userPassword: <userA>

dn: cn=<userB>,ou=people,dc=customer,dc=com
objectclass: inetOrgPerson
cn: <userB>
sn: <userB>
uid: <userB>
userPassword: <userB>

dn: cn=<userC>,ou=people,dc=customer,dc=com
objectclass: inetOrgPerson
cn: <userC>
sn: <userC>
uid: <userC>
userPassword: <userC>" > /tmp/ldpusers
Note: The ldpusers input file is created and saved in /tmp folder.
- Add the users to LDAP with this command:
ldapadd -H ldap://:1389/ -x -D "cn=admin,dc=customer,dc=com" -f /tmp/ldpusers -w admin
For more information, see Creating an LDAP user.
Create remoteContext groups
Create the groups that are needed for domain-specific groups as remoteContext_<group_name> where remoteContext represents the domain. Follow these steps:
- Log in to your cloud platform web console.
- Make sure you are in tncp project or namespace.
- Click .
- Click SecurityPod and access the terminal.
- To create a group, give the following commands:
echo "dn: cn=remoteContext_<group_name1>,ou=groups,dc=customer,dc=com
objectClass: groupOfUniqueNames
cn: remoteContext_<group_name1>
uniqueMember: cn=<userA>,ou=people,dc=customer,dc=com

dn: cn=remoteContext_<group_name2>,ou=groups,dc=customer,dc=com
objectClass: groupOfUniqueNames
cn: remoteContext_<group_name2>
uniqueMember: cn=<userB>,ou=people,dc=customer,dc=com

dn: cn=remoteContext_<group_name3>,ou=groups,dc=customer,dc=com
objectClass: groupOfUniqueNames
cn: remoteContext_<group_name3>
uniqueMember: cn=<userC>,ou=people,dc=customer,dc=com" > /tmp/ldpgroups
Note: The ldpgroups input file is created and saved in /tmp folder.
- Create the groups with the following command:
ldapadd -H ldap://:1389/ -x -D "cn=admin,dc=customer,dc=com" -f /tmp/ldpgroups -w admin
Add users to all the groups
Add the newly created users to npiusers, dashboardusers, and remoteContext groups. Follow these steps:
- Run the following commands in the SecurityPod terminal:
echo "dn: cn=npiusers,ou=groups,dc=customer,dc=com
changetype: modify
add: uniqueMember
uniqueMember: cn=<userA>,ou=people,dc=customer,dc=com

dn: cn=npiusers,ou=groups,dc=customer,dc=com
changetype: modify
add: uniqueMember
uniqueMember: cn=<userB>,ou=people,dc=customer,dc=com

dn: cn=dashboardusers,ou=groups,dc=customer,dc=com
changetype: modify
add: uniqueMember
uniqueMember: cn=<userA>,ou=people,dc=customer,dc=com

dn: cn=dashboardusers,ou=groups,dc=customer,dc=com
changetype: modify
add: uniqueMember
uniqueMember: cn=<userB>,ou=people,dc=customer,dc=com

dn: cn=<remoteContext_group>,ou=groups,dc=customer,dc=com
changetype: modify
add: uniqueMember
uniqueMember: cn=<userC>,ou=people,dc=customer,dc=com" > /tmp/ldpuserstogroup
Note: Add the user to the <remoteContext_group> only if you have not added it in the previous step.
- Repeat the commands to add all other LDAP users that were created earlier to the groups.
- Run the following command to add the users to groups:
ldapmodify -H ldap://:1389/ -x -D "cn=admin,dc=customer,dc=com" -f /tmp/ldpuserstogroup -w admin
- Run the following command to list all the users and groups that are created and available:
ldapsearch -H ldap://:1389/ -x -b dc=customer,dc=com -D "cn=admin,dc=customer,dc=com" -w admin
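The listing that ldapsearch returns can be checked mechanically instead of by eye. The following shell script is an added example, not part of the product documentation: for each user it reports the remoteContext groups that the user belongs to and which of npiusers, dashboardusers, or a remoteContext group is still missing. The LDIF sample and the names alice, bob, carol, remoteContext_core, and remoteContext_ran are constructed placeholders.

```shell
#!/bin/sh
# Added example, not product code. SAMPLE_LDIF is constructed ldapsearch-style
# output; alice, bob, carol and the two domain names are placeholder values.
SAMPLE_LDIF='dn: cn=npiusers,ou=groups,dc=customer,dc=com
cn: npiusers
uniqueMember: cn=alice,ou=people,dc=customer,dc=com
uniqueMember: cn=bob,ou=people,dc=customer,dc=com

dn: cn=dashboardusers,ou=groups,dc=customer,dc=com
cn: dashboardusers
uniqueMember: cn=alice,ou=people,dc=customer,dc=com
uniqueMember: cn=bob,ou=people,dc=customer,dc=com

dn: cn=remoteContext_core,ou=groups,dc=customer,dc=com
cn: remoteContext_core
uniqueMember: cn=alice,ou=people,dc=customer,dc=com

dn: cn=remoteContext_ran,ou=groups,dc=customer,dc=com
cn: remoteContext_ran
uniqueMember: cn=bob,ou=people,dc=customer,dc=com
uniqueMember: cn=carol,ou=people,dc=customer,dc=com'

# groups_of USER LDIF: print the cn of every group listing USER as uniqueMember.
groups_of() {
  printf '%s\n' "$2" | awk -v want="cn=$1,ou=people,dc=customer,dc=com" '
    /^dn: / { grp = ""
              if ($2 ~ /,ou=groups,/) { grp = $2; sub(/^cn=/, "", grp); sub(/,.*/, "", grp) }
              next }
    /^uniqueMember: / && grp != "" && tolower(substr($0, 15)) == tolower(want) { print grp }
  ' | sort
}

# audit_user USER LDIF: print the user's domains and missing groups.
# Returns 0 only if USER is in npiusers, dashboardusers and a remoteContext group.
audit_user() {
  g=$(groups_of "$1" "$2")
  missing=""
  for need in npiusers dashboardusers; do
    printf '%s\n' "$g" | grep -qx "$need" || missing="$missing $need"
  done
  printf '%s\n' "$g" | grep -q '^remoteContext_' || missing="$missing remoteContext_*"
  domains=$(printf '%s\n' "$g" | grep '^remoteContext_' | tr '\n' ' ')
  echo "$1 domains=[${domains% }] missing=[${missing# }]"
  [ -z "$missing" ]
}

# carol was only added to a remoteContext group, so the audit flags her.
for u in alice bob carol; do audit_user "$u" "$SAMPLE_LDIF" || true; done
```

To audit a live directory, pass the output of the ldapsearch command above as the second argument in place of SAMPLE_LDIF. Folded lines and base64-encoded values (uniqueMember::) are not handled.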
What to do next
- Creating the domain-specific users in Dashboard designer
- Set up domain support from Config Map.
- Restart the UI and Dashboard Services.