Administrator Guide
ldap://server1.example.com ldap://server2.example.com:1234
NOTE: Adding multiple servers ensures continued authorization of users in the event of a resource outage. If
Storage Center cannot establish contact with the rst server, Storage Center attempts to connect to the
remaining servers in the order listed.
• In the Directory Server Connection Timeout eld, enter the maximum time (in minutes) that Storage Center waits while
attempting to connect to an Active Directory server. This value must be greater than zero.
• In the Base DN eld, type the base distinguished name for the LDAP server. The Base DN is the starting point when
searching for users.
• In the Storage Center Hostname eld, type the fully qualied domain name (FQDN) of the Storage Center.
– For a single-controller Storage Center system, this is the fully qualied host name for the controller IP address.
– For a dual-controller Storage Center system, this is the fully qualied host name for the management IP address.
• In the LDAP Domain eld, type the LDAP domain to search.
6. (Optional) Click Test Server to verify that the Storage Center can communicate with the specied directory servers using the
selected protocol.
7. (Optional) If Transport Layer Security (TLS) is enabled, upload a Certicate Authority PEM le.
a. Click Upload Certicate Authority PEM.
b. Browse to the location of the PEM le, select the le, and click Open. The Upload TLS Certicate dialog box opens.
NOTE: If you select the wrong PEM le, click Upload Certicate in the Upload TLS Certicate dialog box to
select a new le.
c. Click OK to upload the certicate.
8. Click Next. The Kerberos Settings page opens.
9. (Optional) Select the Enabled check box to enable Kerberos authentication.
10. To change any of the Kerberos settings, clear the Auto-Discover check box, and then type a new value into that eld.
• Kerberos Domain Realm: Kerberos domain realm to authenticate against. In Windows networks, this is the domain name in
uppercase characters.
• KDC Hostname or IP Address: Fully qualied domain name (FQDN) or IP address of the Key Distribution Center (KDC) to
which Storage Center will connect.
• Password Renew Rate (Days): Number of days before the keytab is regenerated. The default value is 0, which equates to a
password renew rate of 14 days.
11. Click Next. The Join Domain page opens.
12. Enter the user name and password of a domain administrator.
13. Click Next. The Summary page opens.
14. If you want to change any setting, click Back to return to the previous page. When all settings are correct, click Finish.
Congure Directory Services Manually (Storage Center 6.6 or Later Only)
Use the Directory Service Manual Conguration wizard to enter directory service settings manually. Use manual conguration for
OpenLDAP or special Active Directory sites.
1. Select a Storage Center from the Storage view. (Data Collector connected Storage Manager Client only)
2. In the Summary tab, click Edit Settings. The Edit Storage Center Settings dialog box opens.
3. Click the Directory Services tab.
4. Click Congure Directory Services Manually.
The Directory Service Manual Conguration wizard opens.
5. From the Directory Type drop-down menu, select Active Directory or OpenLDAP.
6. Enter the settings for the directory server.
• In the URI eld, type the uniform resource identier (URI) for one or more servers to which Storage Center connects.
NOTE: Use the fully qualied domain name (FQDN) of the servers.
254
Storage Center Maintenance