Getting Started with LDAP Federation


This section shows how to import LDAP users from an LDAP server and authorize the LDAP users through IAM.


The process of importing and authorizing an LDAP user is shown below.

[Figure flow1.png: the flow for importing and authorizing an LDAP user]

Target Audience

The OU administrator.

Before You Start

  1. Ensure that the LDAP server is working properly.
  2. You must know the username and password of the administrator account of the LDAP server. This administrator account should at least have full access to all base DNs.
  3. Ensure the access policies for LDAP users have been created in IAM. For details, see Creating and Managing Policies.

Procedure

Step 1: Establish Connection to LDAP Server

To establish connection to the LDAP server:

  1. In the EnOS Management Console, click IAM > LDAP Federation from the left navigation panel.

  2. In the LDAP page, click New LDAP Federation and provide the following:

    • Realm: The unique identity of the LDAP connection.
    • Primary LDAP server: The URL or IP address of the LDAP server.
    • Port number: The port number of the LDAP server.
    • Base DN: The root distinguished name (DN) to use when importing users from the directory server. You can configure multiple base DNs under one LDAP server in one go. Multiple base DNs are separated by semicolons (;). For example: cn=users,dc=example,dc=com;ou=users,dc=example,dc=com.
    • Filter: The filter to use when limiting the entries within the base DNs. For example: FILTER=memberOf=CN=group,CN=developers,DC=example,DC=com.

    Note

    Ensure that the selected entries are all valid account entries.


    • User DN/name: The username of the LDAP administrator account.
    • Password: The password of the LDAP administrator account.
    • Attribute mapping: The mapping relationship between system attributes and LDAP attributes.
  3. Click Test to test the connection to the LDAP server.

    • If the test succeeds, click Done to create the LDAP connection.
    • If the test fails, you need to check the correctness of the information you entered and re-test the connection.
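Before pasting the values into the form, it helps to validate the Base DN and Filter fields locally. The following is an added example, not part of the EnOS documentation: it splits the semicolon-separated Base DN field while honouring backslash escapes, checks each DN's RDN syntax, and wraps a bare filter in the parentheses that an LDAP search filter needs. Function names are my own.

```python
import re

# Attribute type in an RDN: a descriptor such as "ou", or a numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def _split_unescaped(text: str, sep: str) -> list[str]:
    """Split on `sep` except where it is backslash-escaped (RFC 4514)."""
    parts, current, escaped = [], [], False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == sep:
            parts.append("".join(current))
            current = []
            continue
        current.append(ch)
    parts.append("".join(current))
    return parts


def split_base_dns(field: str) -> list[str]:
    """Split the Base DN field on the console's ';' separator, keeping escaped ';' intact."""
    return [dn.strip() for dn in _split_unescaped(field, ";") if dn.strip()]


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Parse one DN into (type, value) RDN pairs; ValueError if malformed."""
    parsed = []
    for rdn in _split_unescaped(dn, ","):
        attr, sep, value = rdn.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not _ATTR_TYPE.match(attr) or not value:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        parsed.append((attr.lower(), value))
    return parsed


def check_federation_fields(base_dn_field: str, filter_text: str) -> dict:
    """Validate both fields and return them normalised; a bare 'attr=value' filter is wrapped in parentheses."""
    base_dns = split_base_dns(base_dn_field)
    if not base_dns:
        raise ValueError("at least one base DN is required")
    for dn in base_dns:
        parse_dn(dn)  # raises on a malformed DN
    filt = filter_text.strip()
    if not filt.startswith("("):
        filt = f"({filt})"
    if filt.count("(") != filt.count(")"):
        raise ValueError(f"unbalanced parentheses in filter {filt!r}")
    return {"base_dns": base_dns, "filter": filt}
```

A ValueError here points at the exact RDN or filter to fix before the console's Test button reports a generic failure.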

Step 2: Enable LDAP Authentication

After the LDAP connection has been created, in the LDAP Connection page, toggle the LDAP Authentication switch button to enable the LDAP user login.

(Optional) Step 3: Import LDAP Users to IAM

Importing the LDAP users to IAM in advance can help you to batch authorize the LDAP users.

To import LDAP users, do the following:

  1. In the LDAP Federation page, click View next to the LDAP server that you want to edit.

  2. Click Import Account, and the LDAP users that have been selected are imported to IAM.

    Note

    LDAP users that already exist in IAM are not imported again.

Step 4: Authorize LDAP Users

You can authorize LDAP users individually or by adding them to an authorized group.

  • Authorized LDAP users can log in to EnOS Cloud directly with the proper access rights.
  • Unauthorized LDAP users can log in but cannot access any services; they need to contact the OU administrator to request permissions.


For more information, see Creating and Managing Users.

Results

The LDAP user can then log in to the EnOS Management Console with the LDAP account credentials.