19.2 Importing System User Groups from LDAP

Roles that Can Perform This Task: Cloud Administrator

The following steps explain how to create System user groups by importing information from your LDAP authentication source. For information about creating Organization user groups by manually entering information, see Manually Creating System and Organization User Groups.

An imported user group’s membership is maintained in the LDAP authentication source. Any users who are members of the user group in the LDAP source receive the roles that are assigned to the user group in Cloud Manager.

An LDAP user group’s members are not imported to Cloud Manager and do not display in the group’s Members list. In addition, you cannot manually add users or user groups to an imported group.

  1. On the main navigation bar, click Configuration.

  2. Click the Users tab, click Members, then click Import.

  3. Authenticate to the LDAP directory:

    1. Click the LDAP tab.

    2. In the LDAP Location section, fill in the following fields:

      Host: Specify the FQDN (fully qualified domain name) or IP address of the host machine running the LDAP server. For example, ldap.mycompany.com or 123.45.67.8.

      Port: Specify the TCP port (on the host machine) where the LDAP server is listening for LDAP connections. The standard port for non-SSL connections is 389. The standard port for SSL connections is 636.

      Use SSL: If the Cloud Manager Application Server is configured for an SSL connection to the LDAP server, select this option to enable the secure connection.

    3. In the Search Bind Account section, fill in the following fields:

      User DN: Specify an account that has read rights to the directory location from which you want to import users. For example, cn=Administrator,cn=Users,dc=MyCompany,dc=com

      Password: Specify the password for the account.

      Password Confirm: Confirm the password for the account.

    4. Click Test Connection.

      If the connection is successful, the Test Status is displayed as Passed. If the connection is not successful, validate the connection information and try again.

  4. Import user groups:

    1. Click the Import tab.

    2. Click Add.

      When you click Add, a new import entry is added to the list. You use the fields below the list to define the entry.

    3. In the DN field, use standard LDAP notation (ou=provo,dc=netiq,dc=com) to specify the distinguished name for the target container or object, then click Validate.

      If you specify a container, all user groups located within the container are imported. If you only want to import one user group, specify the DN of the user group object.

    4. If you specified a container for import, select Groups.

    5. If you specified a container for import, select Scan Tree if you want to import user groups located in its subcontainers.

    6. Click Import.

      The imported user groups are added to the Members list. User groups are identified by the icon.

  5. Click Save to close the System Configuration dialog box.

  6. To assign roles to a user group, see Assigning Roles to Users and Groups.