17.3 Importing Organization Users from LDAP

Roles that Can Perform This Task: Cloud Administrator, Organization Manager

The following steps explain how to create Organization users by importing information from your LDAP authentication source. For information about creating Organization users by manually entering information, see Manually Creating System and Organization Users.

  1. On the main navigation bar, click Organizations.

  2. Click the Organizations tab, select the target organization for the import, click Edit to display the Edit Organization dialog box.

  3. On the Users tab, click Members, then click Import.

  4. Authenticate to the LDAP directory:

    1. Click the LDAP tab.

    2. In the LDAP Location section, fill in the following fields:

      Host: Specify the FQDN (fully qualified domain name) or IP address of the host machine running the LDAP server. For example, ldap.mycompany.com or 123.45.67.8.

      Port: Specify the TCP port (on the host machine) where the LDAP server is listening for LDAP connections. The standard port for non-SSL connections is 389. The standard port for SSL connections is 636.

      Use SSL: If the Cloud Manager Application Server is configured for an SSL connection to the LDAP server, select this option to enable the secure connection.

    3. In the Search Bind Account section, fill in the following fields:

      DN: Specify the distinguished name of an account that has search rights to the directory location from which you want to import users. For example, cn=Administrator,cn=Users,dc=MyCompany,dc=com

      Password: Specify the password for the account.

      Confirm Password: Confirm the password for the account.

    4. Click Test Connection.

      If the connection is successful, the Test Status is displayed as Passed. If the connection is not successful, validate the connection information and try again.

  5. Import users:

    1. Click the Import tab.

    2. Click Add.

      When you click Add, a new import entry is added to the list. You use the fields below the list to define the entry.

    3. In the DN field, use standard LDAP notation (ou=provo,dc=netiq,dc=com) to specify the distinguished name for the target container or object, then click Validate.

      If you specify a container, all users located within the container are imported. If you only want to import one user, specify the DN of the user object.

    4. If you specified a container for import, select Users.

    5. If you specified a container for import, select Scan Tree if you want to import users located in its subcontainers.

    6. Click Import.

      The imported users are added to the Members list. Users are identified by the icon.

  6. Assign roles to a user.

    An Organization user can be assigned roles at the organization level, business group level, or business service level. If you want to assign an imported user a role at the organization level, continue with the following steps. If you want to assign roles at the other two levels, exit the dialog box and see Assigning Roles to Users and Groups.

    Users must be given roles in order to do anything in the organization. There are six roles that apply at the organization level: Approver, Build Administrator, Business Group Viewer, Business Service Owner, Organization Manager, and Sponsor.

    Role assignments at the organization level are inherited by the organization’s business groups. For example, if you give a user the Business Service Owner role for an organization, the user can create business services for any business group in the organization. If you want to limit the user to a role in specific business group, you must make the role assignment in the business group.

    1. Click the role (Approver, Build Administrator, Business Group Viewer, Business Service Owner, > Organization Manager, or Sponsor) that you want to assign to a user.

    2. Click Add.

      Depending on the role that you are adding, the selection dialog box can contain two lists: Members and System Users. The Members list includes all members of the organization and the System Users list includes all Cloud Manager System users.

    3. Select the users you want to add, then click OK.

      You can Shift-click and Ctrl-click to select multiple users.

  7. Click Save to close the Edit Organization dialog box.