Access Management with directory services

Administrators can use an LDAP (Lightweight Directory Access Protocol) server and a directory service, such as Microsoft's Active Directory.

Configuration workflow

If an LDAP server and directory service are used in the network, configuration works as follows:
  1. An administrator logs in to

    ThinkSystem SAN Manager with a user profile that includes Security admin permissions.
    Note: The admin user has full access to all functions in the system.
  2. The administrator enters the configuration settings for the LDAP server. Settings include the domain name, URL, and Bind account information.

  3. If the LDAP server uses a secure protocol (LDAPS), the administrator uploads a certificate authority (CA) certificate chain for authentication between the LDAP server and the host system where the Web Services Proxy is installed.

  4. After the server connection is established, the administrator maps the user groups to the local user roles. These roles are predefined and cannot be modified.

  5. The administrator tests the connection between the LDAP server and the Web Services Proxy.

  6. Users log in to the system with their assigned LDAP/Directory Services credentials.

Management

When using directory services for authentication, administrators can perform the following management tasks:
  • Add a directory server.

  • Edit directory server settings.

  • Map LDAP users to local user roles.

  • Remove a directory server.

  • Change passwords.

  • Set a minimum length for passwords.

  • Allow users to log in without passwords.