About this task

Define an Active Directory (AD) to serve as a local InfiniBox user repository. The user accounts in its database are granted access to the InfiniBox management interfaces: the GUI console, the CLI, and the API.

The AD domain controllers can be either automatically discovered by InfiniBox, or manually defined by the user.

  • To automatically discover domain controllers, InfiniBox issues a DNS query to the provided AD domain. InfiniBox then tries to use the fastest responding domain controller for its AD queries.
  • When domain controllers are defined by the user, it is recommended to define more than one server to allow for failover support.

The user credentials you provide when defining an AD are stored in InfiniBox for future AD queries. It is recommended that this be a read-only account.

Before you begin

Read the User Repositories section at: Overview of InfiniBox user management.

Prerequisites

  • The Bind username and password of the InfiniBox machine's read-only user account in AD

Defining an Active Directory

  1. In the InfiniBox Management Console, click the Settings icon on the left toolbar, and select the LDAP/AD tab.

  2. Click the Define button.
  3. Select Active Directory as the repository type.
  4. Enter a Repository Name to be displayed in the InfiniBox Management Console. This does not have to be the actual Active Directory name.
  5. In the Domain Name field, enter the FQDN of the AD domain.
  6. Do one of the following:

    • (Recommended) Select Auto discover servers so that you do not need to manually enter the domain controllers.

    • To limit InfiniBox to specific domain controllers for its AD queries, deselect Auto discover servers. For each domain controller that can be used for queries, enter its server name or IP address, and click Add.

  7. If your AD does not support SSL, disable Use SSL.
  8. Enter the Port number.
    • The default port number if using SSL is 636.
    • The default port number if not using SSL is 389.
  9. Enter the Bind username and Bind password of the InfiniBox machine's read-only user account in AD. These credentials are stored in InfiniBox for future LDAP queries.
  10. To limit InfiniBox access to specific repository users or groups, click Schema Definition near the bottom of the page.
  11. If required, enter the following information:
    • User Class
    • Username Attribute
    • Users Base DN, in the format ou=Users,dc=fsubfolder1,dc=subfolder2
      This points to the LDAP folder that contains the user IDs.
      The Users folder can point to users or to any place where user credentials are stored, such as folders and other devices.
    • Group Class
    • Group Name Attribute
    • Member-of Attribute
    • Group Base DN
  12. Click Test to ensure that InfiniBox can communicate with the AD.
    A message lets you know if the Active Directory test was successful or not.
    If the test fails, correct the problem described in the message.
  13. Click Define Server to complete the AD definition.
  14. To authorize the members of a user group to access the InfiniBox management interfaces, see Defining user groups.
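
A pre-flight check for the values entered in steps 5 to 11, as an added example that is not InfiniBox code: it derives the DNS record to look up for the domain, checks that a Base DN sits under the domain, and probes a domain controller on port 636 or 389. Assumptions: the standard AD locator record _ldap._tcp.dc._msdcs.<domain> (the page does not say which DNS query InfiniBox issues), the placeholder domain corp.example.com with constructed SRV answers, all function names, and ordering by SRV priority and weight rather than InfiniBox's fastest-responder selection.

```python
# Added example; function names and corp.example.com are assumptions.
import socket
import ssl

def srv_name(domain):
    """SRV record that lists an AD domain's controllers (standard DC locator name)."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".").lower()

def default_base_dn(domain):
    """Turn the Domain Name FQDN into the domain's root DN."""
    return ",".join("dc=" + label for label in domain.strip(".").lower().split("."))

def base_dn_in_domain(base_dn, domain):
    """True if a Users/Group Base DN sits under the domain's root DN (no escaped commas)."""
    norm = ",".join(p.strip().lower() for p in base_dn.split(","))
    root = default_base_dn(domain)
    return norm == root or norm.endswith("," + root)

def order_candidates(srv_records):
    """Sort (priority, weight, port, target) SRV answers: lowest priority first,
    then highest weight (a deterministic simplification of RFC 2782)."""
    ranked = sorted(srv_records, key=lambda r: (r[0], -r[1], r[3]))
    return [r[3].rstrip(".") for r in ranked]

def probe(host, use_ssl=True, timeout=5.0):
    """Connect to the default port for the chosen mode; with SSL, also require a
    certificate that validates for `host` against the system trust store."""
    port = 636 if use_ssl else 389
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if not use_ssl:
                return True, "tcp/%d reachable (LDAP without SSL)" % port
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "tcp/%d reachable, %s" % (port, tls.version())
    except (OSError, ssl.SSLError) as exc:
        return False, "tcp/%d failed: %s" % (port, exc)

# Constructed SRV answers for the placeholder domain corp.example.com
SAMPLE_SRV = [
    (10, 100, 389, "dc2.corp.example.com."),
    (0, 50, 389, "dc3.corp.example.com."),
    (0, 100, 389, "dc1.corp.example.com."),
]

if __name__ == "__main__":
    print("query:", srv_name("corp.example.com"))
    for host in order_candidates(SAMPLE_SRV):
        print(host, probe(host, use_ssl=True))
```

A failed probe with SSL enabled usually points to a blocked port or a domain controller certificate that the client does not trust, which is worth resolving before disabling Use SSL in step 7.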

Testing the user repository data connection

You can test the data connection at any time to ensure that the user repository configuration is correct.

  1. In the InfiniBox Management Console, click the Settings icon on the left toolbar, and select the LDAP/AD tab.
  2. Right-click an AD definition, and select Modify Configuration.
    The Modify Active Directory Server screen opens. 
  3. Click Test to ensure that InfiniBox can communicate with the AD.
    A message lets you know if the AD test was successful or not.
    If the test fails, correct the problem described in the message.

Last edited: 2022-02-06 13:29:42 UTC