LDAP Authentication

Lightweight Directory Access Protocol (LDAP) can be used as an external authentication service to log in to Harmony Controller. An LDAP server is used as a central repository to store the following:

  • User information

  • Role information for application users

To configure the Harmony Controller attribute on the LDAP server

You must set custom ObjectClass attributes. This procedure applies to an OpenLDAP server. However, you can use the same method to configure the attribute on servers such as Active Directory.

  1. Create olcObjectClasses as A10HarmonyAccessGroups and olcAttributeTypes as A10-Harmony-Access-Groups in a file. Use the same naming conventions that you have used in Harmony Controller.

dn: cn=access_group,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: access_group
olcAttributeTypes: {0}( 1.7.11.1.1 NAME 'A10-Harmony-Access-Groups' DESC 'A10 Harmony Access Groups' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.7.11.1.1.100 NAME 'A10HarmonyAccessGroups' DESC 'A10HarmonyAccessGroups object class' SUP top AUXILIARY MUST A10-Harmony-Access-Groups )
  2. Save the file as harmony.ldif.

  3. From the LDAP server, run the following command:

ldapadd -Y EXTERNAL -H ldapi:/// -f ./harmony.ldif
  4. Create users and add the required attribute A10-Harmony-Access-Groups in ObjectClass.

  5. Configure the user and access group. The following example shows the attribute value with the default root provider and the access groups configured in Harmony Controller.

root:hc_provider_admin-root|p1:hc_provider_adminp1|providerB:hc_provider_admin-providerB
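
The following added example, which is not A10 code, checks an access-group value in the format shown above and prints the LDIF that attaches the A10HarmonyAccessGroups class and its attribute to an existing user entry that does not yet carry the class. The function names, the allowed-character rule, and any user DN you pass are assumptions.

```shell
#!/bin/sh
# Added example, not A10 code. The class and attribute names come from the
# schema above; function names and the allowed-character rule are assumptions.

# check_access_groups VALUE: succeed if VALUE is provider:group pairs joined
# by '|'. The schema marks the attribute SINGLE-VALUE, so every mapping for a
# user is packed into this one string.
check_access_groups() {
    case $1 in
        ''|'|'*|*'|'|*'||'*) return 1 ;;      # empty value or empty pair
    esac
    _rest=$1
    while [ -n "$_rest" ]; do
        _pair=${_rest%%'|'*}                  # text before the first '|'
        case $_rest in
            *'|'*) _rest=${_rest#*'|'} ;;     # drop that pair and its '|'
            *)     _rest='' ;;
        esac
        case $_pair in
            *:*:*|:*|*:) return 1 ;;          # extra ':' or an empty side
            *:*) ;;
            *) return 1 ;;                    # no ':' at all
        esac
        # Assumed character set; it also keeps line breaks out of the LDIF.
        case $_pair in *[!A-Za-z0-9_.:-]*) return 1 ;; esac
    done
    return 0
}

# access_groups_ldif USER_DN VALUE: print an ldapmodify change record.
# The object class lists the attribute under MUST, so the class and the
# attribute are added in one modify operation.
access_groups_ldif() {
    # Refuse a DN that is empty, starts with a character LDIF reserves
    # (space, ':' or '<'), or contains a line break.
    case $1 in
        ''|' '*|:*|'<'*|*'
'*) echo 'unsupported user DN' >&2; return 1 ;;
    esac
    check_access_groups "$2" || { echo 'malformed access groups' >&2; return 1; }
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'add: objectClass\nobjectClass: A10HarmonyAccessGroups\n-\n'
    printf 'add: A10-Harmony-Access-Groups\nA10-Harmony-Access-Groups: %s\n' "$2"
}
```

Pipe the output of access_groups_ldif to ldapmodify, bound as an identity that is allowed to modify the user entry.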

To configure LDAP authentication for a new provider

  1. Log in to Harmony Controller as super-admin.

  2. Create a new provider and activate the provider-admin user account. On the activation page, you can set the authentication type for the provider.

  3. Select LDAP from the Select Authentication drop-down. Enter Comma Separated LDAP Hosts and DN Pattern, and then select the Use User DN or Use search DN option. Click Validate to validate the details.

Note that Harmony Controller does not store the user ID and password that you provide. They are used only to validate the remote server setup. A confirmation message is displayed on successful validation.

  4. If the Use Search DN option is selected, enter Login Attribute, Admin DN, and Admin Password. Click Validate to validate the details.

Note that Harmony Controller does not store the user ID and password that you provide. They are used only to validate the remote server setup. A confirmation message is displayed on successful validation.

  5. Click Save.

To set the LDAP authentication process for provider login

  1. Log in to the Harmony Controller root provider as provider-admin.

  2. Go to Organization > Authentication > Change Authentication Provider page.

  3. Select LDAP from the Authentication Type drop-down.

  4. Enter the LDAP host information and the DN Pattern (for example, uid={0},ou=users,dc=companyname,dc=com), and then select the Use User DN or Use search DN option. Click Validate to validate the details.

Note that Harmony Controller will not store the provided user ID and password. They are used only to validate the remote server setup. A confirmation message is displayed on successful validation.

  5. If the Use Search DN option is selected, enter the Login Attribute, Admin DN, and Password details. Click Validate to validate the details.

  6. Click Save.