MM910 Management Module V100R001 User Guide 24

This document provides the product description, installation and configuration methods, and common operations of the E9000 server chassis management module MM910.

(Optional) Configuring LDAP

Scenarios

Configure the Lightweight Directory Access Protocol (LDAP) function on the System Management page of the HMM WebUI.

The LDAP function enables domain users to access the HMM WebUI.

NOTE:

A common function of LDAP is to provide a central repository for user names and passwords, which allows different applications and services to connect to the LDAP server to validate users.

Prerequisites

Conditions

An LDAP server with the domain name it.software.com is available, and the Active Directory (AD) domain and certificate services have been installed.

Data

  • LDAP server information
    • LDAP server address
    • LDAP server domain name
    • Host name
    • User application folder
  • Password of the current MM910 user
  • LDAP group to which an LDAP user belongs

Procedure

  1. Add a user on the LDAP server.

    1. Choose Start > Administrative Tools > Server Manager.

      The Server Manager dialog box is displayed.

    2. Choose Roles > Active Directory Domain Services > Active Directory Users and Computers > it.software.com > Users and add a user.

      For example, add a user with the user name user1 and password Huawei12#$.

      1. Right-click Users and choose New > User.
      2. Enter the user name and click Next.
        NOTE:

        At least one of the full name or logon name must contain only digits, uppercase and lowercase letters, and the following special characters: '&%$|/()#"<>+;=\,

        Use escape characters to replace the special character backslash (\) or comma (,). For example, use "IT\\user" instead of "IT\user".

      3. Enter the user password, deselect User must change password at next logon, and click Next.
      4. Click Finish.
    3. Right-click the server domain name it.software.com, choose New > Organizational Unit, and add an organizational unit, for example Huawei.
    4. Right-click Huawei, choose New > Organizational Unit, and add a lower-level organizational unit, for example test1.

      Use the same method to add a lower-level organizational unit, for example, Huawei -> test1 -> IThelpdesk.

    5. Right-click the organizational unit of the lowest level (for example IThelpdesk), choose New > Group, and create an LDAP group, for example E9000admin.

      Repeat this step to create more LDAP groups, for example E9000 Operator.

      Figure 4-17 Newly created organization units and LDAP groups
    6. Right-click E9000admin, choose Properties, click the Members tab, and add the user configured in 2.

  2. Log in to the MM910 WebUI.

    For details, see Logging In to the MM910 WebUI.

  3. Configure the domain name service (DNS).

    1. On the HMM WebUI, choose Chassis Settings > Network Settings > MMs.
    2. Click Edit.
    3. Enter LDAP server addresses under DNS.
    4. Click Save.

  4. Configure the MM910 LDAP server.

    1. Choose System Management > Account Management > LDAP.
    2. Click Edit and set LDAP to On.
    3. Configure Certificate verification.
      • To enable certificate verification, set Certificate verification to ON and select the certificate verification level. For details about the certificate verification level, see Table 7-92.
      • If Certificate verification is set to OFF, Certificate verification level will be unavailable.
      NOTE:

      For security purposes, enable certificate verification. After certificate verification is enabled, set the domain controller address to a domain name and import the LDAP root certificate.

    4. Enter the domain controller address, for example it.software.com.
    5. Enter the LDAP user domain, which indicates the path where the user is created.

      For example, if the user is in the Users organization and the domain name is it.software.com, enter CN=Users,DC=it,DC=software,DC=com.

      NOTE:

      To query the user domain, do as follows:

      1. Right-click the domain name (for example it.software.com) and choose View > Advanced Features.
      2. In the Users area, right-click the user added in 2 and choose Properties.
      3. Select the Attribute Editor tab.

      The value corresponding to distinguishedName is the user domain, for example, CN=Users,DC=it,DC=software,DC=com.

    6. Click Save.

  5. (Optional) Import an LDAP root certificate.

    NOTE:

    Perform this operation only if Certificate verification is set to On.

    1. In the Root Certificate area, select a certificate file and click Upload.

      If the certificate is uploaded successfully, the system displays the certificate status and information, including the user, issuer, valid date, and serial number.

      NOTE:

      The certificate file must be a Base64-coded file in the .cer, .crt, or .pem format.

  6. Configure the MM910 LDAP group.

    1. In the LDAP Groups area, click Add.
    2. Enter the password of the current user.
    3. Enter the name (for example, MM910) of the LDAP group to which the LDAP user belongs.
    4. Enter the LDAP user group domain in LDAP group folder, which indicates the path where the LDAP group is created.

      If the LDAP group is created under it.software.com/Huawei/test1/IThelpdesk, enter CN=E9000admin,OU=IThelpdesk,OU=test1,OU=Huawei,DC=it,DC=software,DC=com. The method for querying the group domain is similar to the method for querying the user domain.

      The value must be consistent with the name of the organizational unit to which the LDAP user group belongs. The value can contain a maximum of 255 characters. An example of a multi-level LDAP group directory is Huawei/test1/IThelpdesk.

    5. Select the user domain.

      By default, superdomain is selected.

    6. Set the group privilege.
      • Administrator: Users in this group can perform all operations.
      • Operator: Users in this group can query and set data, but cannot perform advanced operations, such as stateless computing, user management, security management, information collection, and master/slave-chassis management.
      • Common user: Users in this group can only query information.
    7. Select preset login rules. For details about the login rules, choose System Management > System Settings > Security.
    8. Click OK.

  7. Verify the LDAP configuration.

    1. At the upper right corner of the HMM WebUI, click to return to the login page.
    2. Enter the user name (for example user1) and password (for example, Huawei12#$) configured on the LDAP server.
    3. Select LDAP from the Domain drop-down list.
    4. Click Log In.

      If the login is successful, the configuration is complete.
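
The following is an added example, not part of the Huawei guide. It derives the LDAP user domain and LDAP group folder strings used in steps 4 and 6 from the Active Directory folder path, and it generalizes the guide's backslash-and-comma escaping note to the full RFC 4514 set. The function names are hypothetical, and OU names are assumed not to contain "/".

```python
# Added example: builds the DN strings the MM910 LDAP page asks for.
MAX_GROUP_FOLDER_LEN = 255          # limit stated in the guide
_ESCAPE = set('\\,+"<>;')           # RFC 4514 characters that need a backslash


def escape_rdn_value(value: str) -> str:
    """Escape one RDN value per RFC 4514 so it can be embedded in a DN."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        if ch in _ESCAPE or (first and ch in " #") or (last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def domain_to_dc(domain: str) -> str:
    """it.software.com -> DC=it,DC=software,DC=com"""
    labels = domain.strip(".").split(".")
    if not all(labels):
        raise ValueError(f"malformed domain name: {domain!r}")
    return ",".join("DC=" + escape_rdn_value(label) for label in labels)


def user_domain(domain: str, container: str = "Users") -> str:
    """DN of the container that holds the user (CN=Users by default)."""
    return f"CN={escape_rdn_value(container)},{domain_to_dc(domain)}"


def group_folder(folder_path: str, group: str) -> str:
    """Turn 'domain/OU/OU/...' plus a group name into the group's DN.

    The path lists OUs top-down; a DN lists them bottom-up, so they are reversed.
    """
    domain, *ous = [p for p in folder_path.split("/") if p]
    rdns = ["CN=" + escape_rdn_value(group)]
    rdns += ["OU=" + escape_rdn_value(ou) for ou in reversed(ous)]
    dn = ",".join(rdns + [domain_to_dc(domain)])
    if len(dn) > MAX_GROUP_FOLDER_LEN:
        raise ValueError(f"group DN is {len(dn)} characters, limit is 255")
    return dn


if __name__ == "__main__":
    print(user_domain("it.software.com"))
    print(group_folder("it.software.com/Huawei/test1/IThelpdesk", "E9000admin"))
    print(group_folder("it.software.com/Huawei", "Ops, Tier 2"))  # constructed name
```

A mistyped or wrongly ordered DN makes the group lookup fail, so domain users are not mapped to the intended privilege group; generating the string from the folder path avoids hand-reversing the OU order.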

Updated: 2019-04-10

Document ID: EDOC1000015900
