Authentication
Methods
OpCenter maintains
its own database of usernames and passwords for authenticating logins (users are
added with the float user add command). This is the
"built-in" method. There are additional authentication methods:
- Local Linux /etc/passwd file
- LDAP
If both methods are set to true, then authentication proceeds in this order: LDAP first, then local Linux passwd file (if username not found in LDAP directory), and then the "built-in" method (if username not found in /etc/passwd).
Configure Local Linux Authentication
You can configure local linux /etc/passwd authentication by using float commands or by editing the opcenter.yml configuration file.
To configure local Linux authentication using float, enter the
following (does not require a restart of the OpCenter):
float config set security.enableLocal true float config set security.adminGroup wheel
To configure local Linux authentication by editing the opcenter.yml file, complete
the following steps.
- Log in to the OpCenter server.
- Open the file called /etc/memverge/opcenter.yml with a text editor.
- In the security section, insert the following lines.
security: ... enableLocal: true adminGroup: wheel
- Save and close file.
- Restart the OpCenter
by entering the following.
float restart
Configure LDAP Authentication
LDAP authentication uses the Lightweight Directory Access Protocol to query a directory of usernames and passwords. You must configure and start your LDAP server before enabling LDAP authentication. The default port for LDAP is 636.
To enable LDAP authentication, complete the following steps.
- Log in to the OpCenter server.
- Open the file called /etc/memverge/opcenter.yml with a text editor.
- In the security section, insert the following lines.
security: ... enableLdap: true ldap: network: tcp addr: <ldap_server_ip_address>:636 useTLS: true anonymous: true base: dc=memverge,dc=com adminGroup: wheel peopleOU: People groupOU: Group ...
where <ldap_server_ip_address> is the IP address of the LDAP server. - Save and close file.
- Update the OpCenter configuration by entering the following:
float config set security.enableLdap true
- Restart the OpCenter
by entering the following.
float restart