Authentication

Authentication methods can be arranged hierarchically.

Methods

OpCenter maintains its own database of usernames and passwords for authenticating logins (users are added with the float user add command). This is the "built-in" method. There are additional authentication methods:
  • Local Linux /etc/passwd file
  • LDAP

If both additional methods are set to true, authentication proceeds in this order: LDAP first, then the local Linux passwd file (if the username is not found in the LDAP directory), and then the "built-in" method (if the username is not found in /etc/passwd).

Configure Local Linux Authentication

You can configure local Linux /etc/passwd authentication by using float commands or by editing the opcenter.yml configuration file.

To configure local Linux authentication using float, enter the following (does not require a restart of the OpCenter):

    float config set security.enableLocal true
    float config set security.adminGroup wheel

To configure local Linux authentication by editing the opcenter.yml file, complete the following steps.
  • Log in to the OpCenter server.
  • Check that there are no jobs running currently by entering the following.

    /opt/memverge/bin/float squeue

    Wait for running jobs to complete or cancel the jobs.
  • Stop the OpCenter process by entering the following.

    sudo systemctl stop opcenter

  • Open the file called /etc/memverge/opcenter.yml with a text editor.
  • In the security section, insert the following lines.
    security:
      ...
      enableLocal: true
      adminGroup: wheel
  • Save and close the file.
  • Start the OpCenter by entering the following.
    sudo systemctl start opcenter

Configure LDAP Authentication

LDAP authentication uses the Lightweight Directory Access Protocol to query a directory of usernames and passwords. You must configure and start the LDAP server before enabling LDAP authentication. The default port for LDAP is 636. Ensure that any interposed firewall allows access to port 636.

To enable LDAP authentication, complete the following steps.
  • Log in to the OpCenter server.
  • Check that there are no jobs running currently by entering the following.

    /opt/memverge/bin/float squeue

    Wait for running jobs to complete or cancel the jobs.
  • Stop the OpCenter process by entering the following.

    sudo systemctl stop opcenter

  • Open the file called /etc/memverge/opcenter.yml with a text editor.
  • In the security section, insert the following lines.
    security:
      ...
      enableLdap: true
      ldap:
        network: tcp
        addr: <ldap_server_ip_address>:636
        useTLS: true
        anonymous: true
        base: dc=memverge,dc=com
        adminGroup: wheel
        peopleOU: People
        groupOU: Group
      ...
    where <ldap_server_ip_address> is the IP address of the LDAP server.
    Note: The configuration shown is for an anonymous binding. To use an authenticated method, you must provide credentials (see your LDAP user guide for details). For example:
    anonymous: false
    bindDN: cn=admin,dc=example,dc=org
    bindPW: admin
  • Save and close the file.
  • Start the OpCenter by entering the following.
    sudo systemctl start opcenter
  • Update the OpCenter configuration by entering the following:
    float config set security.enableLdap true
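
A check to run against the file after the edits above, as an added example (not part of the OpCenter documentation and not MemVerge code): it reports when LDAP is enabled without useTLS: true, and when a bindPW is stored in a file that group or other can access. The key names are the ones shown on this page; the function names, the finding texts and the owner-only permission policy are assumptions of this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not MemVerge code. Key names come from this page;
# function names and finding texts are hypothetical.

# Print the value of the first "KEY: value" line. Flat lookup, not a YAML parser.
yaml_val() {
    awk -v k="$2:" '{ sub(/^[ \t]+/, "") }
        index($0, k) == 1 { v = substr($0, length(k) + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Print one line per finding; return 0 when clean, 1 on findings, 2 if unreadable.
audit_opcenter_auth() {
    f=$1; n=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    if [ "$(yaml_val "$f" enableLdap)" = "true" ]; then
        if [ "$(yaml_val "$f" useTLS)" != "true" ]; then
            echo "FINDING: enableLdap is true but useTLS is not true"; n=$((n + 1))
        fi
        if [ -n "$(yaml_val "$f" bindPW)" ]; then
            # Authenticated bind: bindPW sits in this file in plaintext, so this
            # example's policy is that group and other have no access at all.
            mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
            case $mode in
                *00) ;;
                *) echo "FINDING: bindPW is set and file mode is $mode"; n=$((n + 1)) ;;
            esac
        fi
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample (not a real deployment), audited when run stand-alone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
security:
  enableLdap: true
  ldap:
    addr: 192.0.2.10:636
    useTLS: false
    anonymous: false
    bindDN: cn=admin,dc=example,dc=org
    bindPW: admin
EOF
chmod 644 "$sample"
audit_opcenter_auth "$sample" || echo "audit reported findings for $sample"
rm -f "$sample"
```

On the OpCenter server, call audit_opcenter_auth /etc/memverge/opcenter.yml after saving the file and before starting the service.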