Administrator Guide

- (Active Directory only) Joining the controller to the domain requires credentials from a directory service user who is an administrator and who has sufficient privileges to create a computer record in the directory.
- (Active Directory only) To join the controller to the domain, forward and reverse DNS records for the Storage Center must be created in the domain. For a single-controller Storage Center system, create DNS records for the controller IP address. For a dual-controller Storage Center system, create DNS records for the management IP address.
- (OpenLDAP only) To use password authentication with OpenLDAP, an SSL certificate is required to communicate with the directory service using SSL/TLS.
Discover Directory Service Settings Automatically
Use the Configure Directory Service Automatic Discovery wizard to allow the Storage Center to discover available directory services
automatically.
Steps
1. If the Storage Manager Client is connected to a Data Collector, select a Storage Center from the Storage view.
2. In the Summary tab, click Edit Settings.
The Edit Storage Center Settings dialog box opens.
3. Click the Directory Services tab.
4. Click Configure Directory Services Automatic Discovery.
The Storage Center automatically discovers directory server settings and displays the settings in the Configure Directory Service
Automatic Discovery wizard.
5. (Optional) Clear the checkbox next to any setting you want to change, and then type a new value into that field.
   - In the URI field, type the uniform resource identifier (URI) for one or more servers to which Storage Center connects.
     NOTE: Use the fully qualified domain name (FQDN) of the servers.
     Example URIs for two servers:
     ldap://server1.example.com ldap://server2.example.com:1234
     NOTE: Adding multiple servers ensures continued authorization of users in the event of a resource outage. If Storage Center cannot establish contact with the first server, Storage Center attempts to connect to the remaining servers in the order listed.
   - In the Directory Server Connection Timeout field, type the maximum time (in minutes) that Storage Center waits while attempting to connect to an Active Directory server. This value must be greater than zero.
   - In the Base DN field, type the base distinguished name for the LDAP server. The Base DN is the starting point when searching for users.
   - In the Storage Center Hostname field, type the fully qualified domain name (FQDN) of the Storage Center.
     - For a single-controller Storage Center system, this is the fully qualified host name for the controller IP address.
     - For a dual-controller Storage Center system, this is the fully qualified host name for the management IP address.
   - In the LDAP Domain field, type the LDAP domain to search.
6. (Optional) Click Test Server to verify that the Storage Center can communicate with the specified directory servers using the
selected protocol.
7. (Optional) If Transport Layer Security (TLS) is enabled, upload a Certificate Authority PEM file.
   a) Click Upload Certificate Authority PEM.
   b) Browse to the location of the PEM file, select the file, and click Select. The Upload TLS Certificate dialog box opens.
      NOTE: If you select the wrong PEM file, click Upload Certificate in the Upload TLS Certificate dialog box to select a new file.
   c) Click OK to upload the certificate.
8. Click Next.
The Kerberos Settings page opens.
9. (Optional) Select the Enabled checkbox to enable Kerberos authentication.
10. To change any of the Kerberos settings, clear the Auto-Discover checkbox, and then type a new value into that field.
    - Kerberos Domain Realm: Kerberos domain realm to authenticate against. In Windows networks, this is the domain name in uppercase characters.
    - KDC Hostname or IP Address: Fully qualified domain name (FQDN) or IP address of the Key Distribution Center (KDC) to which Storage Center will connect.
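The values typed into the wizard can be checked offline before they are entered. The following is an added example, not part of the guide or of any Dell tool: it parses the space-separated URI field in failover order and applies the rules stated above (FQDN hosts, timeout greater than zero, uppercase realm on Windows networks). The function names and the single accepted scheme are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: only the scheme shown in the guide's example URIs is accepted.
ALLOWED_SCHEMES = {"ldap"}
# Multi-label DNS name: labels of letters, digits and inner hyphens, alphabetic TLD.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def is_fqdn(host):
    """True for a multi-label DNS name, False for short names and IP literals."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False
    except ValueError:
        return bool(FQDN_RE.match(host))


def check_uri_field(value):
    """Return (servers in failover order, problems) for the space-separated URI field."""
    servers, problems = [], []
    for uri in value.split():
        try:
            parts = urlsplit(uri)
            port = parts.port  # raises ValueError when not a number in 0-65535
        except ValueError:
            problems.append(f"{uri}: malformed URI or port")
            continue
        host = parts.hostname or ""
        if parts.scheme not in ALLOWED_SCHEMES:
            problems.append(f"{uri}: unexpected scheme {parts.scheme!r}")
        elif not is_fqdn(host):
            problems.append(f"{uri}: host is not an FQDN")
        else:
            servers.append((host, port))
    if not servers:
        problems.append("no usable directory server")
    return servers, problems


def check_settings(uri_field, timeout_minutes, ldap_domain, realm):
    """Collect every problem in the values planned for the wizard (Windows domain assumed)."""
    _, problems = check_uri_field(uri_field)
    if timeout_minutes <= 0:
        problems.append("connection timeout must be greater than zero")
    if realm != ldap_domain.upper():
        problems.append("Kerberos realm is not the uppercase domain name")
    return problems
```

An empty list from check_settings means the planned values satisfy the rules above; it does not replace the Test Server step, which checks actual connectivity.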
Storage Center Maintenance