Configure management authentication

To configure management authentication with the local management interface, use the Management Authentication management page.

Steps

  1. Select System > System Settings > Management Authentication. All current management authentication settings are displayed.

  2. In the Main tab:

    • Select Local User Database to use the local user database for authentication.

    • Select Remote LDAP User Registry to use the remote LDAP user registry for authentication. If a remote user registry is configured for management authentication, the local administrator user (admin) can still be referenced with the admin@local user name. This serves as a fail-safe if the remote user registry is not reachable.

      1. In the LDAP tab:

        1. Specify the name of the LDAP server in the Host name field.

        2. Specify the port over which to communicate with the LDAP server in the Port field.

        3. Select the Anonymous Bind check box if the LDAP user registry supports anonymous bind.

        4. Specify the DN of the user used to bind to the registry in the Bind DN field.

        5. Specify the password associated with the bind DN in the Bind Password field.

        6. Optional: To enable LDAP client debugging for authentication-related issues, select the Debug check box. To view the LDAP debugging log, go to Monitor > Application Log Files and open the management_ui > ldap_debug.log file.

      2. In the LDAP General tab:

        1. Specify the name of the LDAP attribute that holds the supplied authentication user name of the user in the User Attribute field.

        2. Specify the name of the LDAP attribute used to hold the members of a group in the Group Member Attribute field.

        3. Specify the base DN used to house all administrative users in the Base DN field.

        4. Specify the DN of the group to which all administrative users belong in the Administrative Group DN field. All administrative users must have permission to view the specified admin_group_dn group within the user registry.

      3. In the LDAP SSL tab:

        1. Select the Enable SSL check box to define whether SSL is used when the system communicates with the LDAP server.

        2. Select the name of the key database file in the Key File Name field.

        3. Select the name of the certificate to be used if client authentication is requested by the LDAP server in the Certificate Label field.

  3. Click Save to save your settings. For the changes to take effect, they must be deployed.

  4. Optional: Click Test to test the authentication. If there have been changes made to the management authentication configuration that have not yet been deployed, this test will run using the undeployed configuration.

    1. In the Test Authentication window, enter the user name in the Username field.

    2. Enter the password in the Password field.

    3. Click Test.

    If the authentication is successful, a success message is displayed. If the authentication is not successful, an error message is displayed.
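
A pre-deployment review of the values entered on the LDAP, LDAP General and LDAP SSL tabs, written as an added example; it is not part of the product or of the original page. The dictionary keys, the sample values and the severity labels are assumptions made for illustration, and the cleartext finding assumes the registry is queried with LDAP simple bind.

```python
import re

# Dict keys are hypothetical names for the page's fields, not the appliance's own keys.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")

def is_dn(value):
    """Loose syntax check: each comma-separated RDN looks like attr=value."""
    return all(RDN.match(p.strip()) for p in re.split(r"(?<!\\),", value or ""))

def review(cfg):
    """Return (severity, message) findings for one set of settings."""
    out = []
    anon, ssl, port = cfg.get("anonymous_bind"), cfg.get("enable_ssl"), cfg.get("port")
    if not ssl:
        # Assumes simple bind, where the password itself is sent to the server.
        out.append(("high", "SSL off: bind and admin passwords travel unencrypted"))
    elif not cfg.get("key_file"):
        out.append(("error", "SSL on but no Key File Name selected"))
    if (ssl and port == 389) or (not ssl and port == 636):
        out.append(("warn", f"port {port} is unusual for this SSL setting"))
    if anon and (cfg.get("bind_dn") or cfg.get("bind_password")):
        out.append(("warn", "Anonymous Bind selected but bind credentials are set"))
    if not anon and not (cfg.get("bind_dn") and cfg.get("bind_password")):
        out.append(("error", "Bind DN and Bind Password are required without Anonymous Bind"))
    for field in ("bind_dn", "base_dn", "admin_group_dn"):
        if field == "bind_dn" and not cfg.get(field):
            continue  # anonymous bind, or already reported as missing above
        if not is_dn(cfg.get(field)):
            out.append(("error", f"{field} is not a well-formed DN"))
    for field in ("user_attribute", "group_member_attribute"):
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9.-]*", cfg.get(field) or ""):
            out.append(("error", f"{field} must be an attribute name, not a DN or filter"))
    if cfg.get("debug"):
        out.append(("warn", "Debug is on: clear it once troubleshooting is finished"))
    return out

# Constructed sample settings; every value below is a placeholder.
GOOD = {
    "host": "ldap.example.com", "port": 636, "anonymous_bind": False, "debug": False,
    "bind_dn": "cn=svc-mgmt,ou=services,dc=example,dc=com", "bind_password": "placeholder",
    "user_attribute": "uid", "group_member_attribute": "member",
    "base_dn": "ou=admins,dc=example,dc=com", "enable_ssl": True, "key_file": "example-keydb",
    "admin_group_dn": "cn=appliance-admins,ou=groups,dc=example,dc=com",
}
BAD = dict(GOOD, enable_ssl=False, debug=True, admin_group_dn="appliance-admins")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, review(cfg) or "no findings")
```

The DN check is syntactic only; whether the bind DN can actually read the administrative group is still confirmed with the Test button in step 4.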
