Enabling LDAP user authentication on the management node
Enable LDAP user authentication to use the LDAP user base for user authentication in IBM® Spectrum Cluster Foundation.
Note: For a high availability environment, an LDAP client must be enabled on both the primary management node and the secondary management node. If you have a high availability environment setup, make sure to complete the following steps on both management nodes.
Before you begin
- Ensure that the LDAP user created for connecting to the LDAP server is available to use.
- You may need to configure your LDAP server for IBM Spectrum Cluster Foundation. Refer to Configuring an existing LDAP server for IBM Spectrum Cluster Foundation.
Procedure
Results
After the LDAP client is successfully installed on the management node, users can ssh into any compute nodes that are provisioned from then on. To ssh into compute nodes that were provisioned before LDAP was enabled, complete one of the following actions:
- From the Web Portal, reboot or reinstall the nodes.
- From the command line, use the updatenode command.
In IBM Spectrum Cluster Foundation, any nodes that were in a cluster before you enabled LDAP cannot be accessed by an LDAP user. These nodes are accessible only to local operating system users. After you enable LDAP, all clusters must be re-created to be accessible to LDAP users. To re-create clusters, complete the following actions:
- Remove all existing clusters.
- Set all existing cluster templates to unpublished, and then publish the cluster templates again.
- Create the clusters again.
If for any reason an existing cluster cannot be removed, then the following is true:
- LDAP users cannot access any server that is part of an existing cluster (a cluster that existed before LDAP was enabled).
- LDAP users cannot access any new servers added to an existing cluster (a cluster that existed before LDAP was enabled).
In cases where an existing cluster cannot be removed, but you want LDAP users to have access to a cluster that uses the same template, you can re-create the cluster by copying the cluster template and republishing it.
What to do next
- To configure the LDAP user home directory, refer to Setup an LDAP user home directory.
- If nodes existed in the system before enabling LDAP user authentication, make sure to enable LDAP on those nodes. Refer to Configuring LDAP on preexisting compute nodes.