4.3 Configuring the Orchestration Server for LDAP or ADS Authentication

There are some configuration steps you need to follow in the Orchestration Console if you want to configure the authentication of both users and resources to the Orchestration Server through a directory service such as ADS or LDAP.

The Cloud Manager Orchestration Server uses only one attribute of a given LDAP user: its group membership. For example, if the following settings were already configured in the Orchestration Server,

BaseDN 'dc=domain,dc=novell,dc=com'
UserAttribute 'uid'
UserPrefix 'ou=Users'

you could further configure the Orchestration Server to identify users belonging to an LDAP group using the setting LDAP:groupnocase:administrators.

You would do this by specifying a filter in the Orchestration Server using these settings:

GroupFilter 'memberUid=${USER_NAME}'
GroupPrefix 'ou=Groups'
GroupAttribute 'cn'

Applying these settings would let authenticated users belonging to the “administrators” LDAP group be added to the “administrators” user group in the Orchestration Server (and so allow them to log in to the Orchestration Console, for example).
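As an added illustration (not code from NetIQ Cloud Manager or from this guide), the following Python sketches how a group lookup driven by these settings resolves: it substitutes ${USER_NAME} into GroupFilter, searches under GroupPrefix plus BaseDN, and collects the GroupAttribute values of the matching entries. The in-memory directory is constructed sample data, and the RFC 4515 escaping of the substituted user name is an assumption about good practice, not a description of the server's internals.

```python
import re

# Settings exactly as listed in the text (sample values, no live server involved).
SETTINGS = {
    "BaseDN": "dc=domain,dc=novell,dc=com",
    "UserAttribute": "uid",
    "UserPrefix": "ou=Users",
    "GroupFilter": "memberUid=${USER_NAME}",
    "GroupPrefix": "ou=Groups",
    "GroupAttribute": "cn",
}

# Constructed stand-in for the LDAP directory: DN -> attribute values.
DIRECTORY = {
    "cn=administrators,ou=Groups,dc=domain,dc=novell,dc=com": {
        "cn": ["administrators"], "memberUid": ["alice", "bob"]},
    "cn=operators,ou=Groups,dc=domain,dc=novell,dc=com": {
        "cn": ["operators"], "memberUid": ["bob"]},
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515), so a
    user name such as '*' is matched literally rather than as a wildcard."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def build_group_filter(user_name, settings=SETTINGS):
    """Substitute ${USER_NAME} into GroupFilter and wrap the result in parentheses."""
    body = settings["GroupFilter"].replace("${USER_NAME}", escape_filter_value(user_name))
    return "(" + body + ")"

def group_search_base(settings=SETTINGS):
    """The subtree searched for groups: GroupPrefix under BaseDN."""
    return settings["GroupPrefix"] + "," + settings["BaseDN"]

def groups_for_user(user_name, settings=SETTINGS, directory=DIRECTORY):
    """Return the GroupAttribute values of every entry under the group search
    base that satisfies the (single equality) GroupFilter for this user."""
    base = group_search_base(settings)
    match = re.fullmatch(r"\((\w+)=(.*)\)", build_group_filter(user_name, settings))
    attr, wanted = match.group(1), match.group(2)
    groups = []
    for dn, attrs in directory.items():
        # Compare escaped forms so the filter value is treated as a literal.
        if dn.endswith("," + base) and any(escape_filter_value(v) == wanted
                                            for v in attrs.get(attr, [])):
            groups.extend(attrs.get(settings["GroupAttribute"], []))
    return groups
```

With these sample entries, "alice" resolves to the "administrators" group, which is the membership the Orchestration Server maps onto its own administrators user group.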

For information on configuring these settings in the Orchestration Server, see Orchestration Server Authentication Page in the NetIQ Cloud Manager 2.1.5 Orchestration Console Reference.

NOTE: Depending upon your selection in the Server Type drop-down list on the Enable LDAP subpanel of the Authentication page of the Orchestration Console, the configuration fields change to reflect the relevant settings. (One server type is Active Directory Service, the other is Generic LDAP Directory Service.)