Administrator Guide
NOTE: Adding multiple servers ensures continued authorization of users in the event of a resource outage. If Storage
Center cannot establish contact with the first server, Storage Center attempts to connect to the remaining servers in the
order listed.
• In the Directory Server Connection Timeout field, type the maximum time (in minutes) that Storage Center waits while
attempting to connect to an Active Directory server. This value must be greater than zero.
• In the Base DN field, type the base distinguished name for the LDAP server. The Base DN is the starting point when searching for
users.
• In the Relative Base field, type the Relative Base information. A Relative Base is a list of Relative Distinguished Names (RDN)
prepended to the Base DN, indicating where the controller should be joined to the domain. An RDN contains an attribute and a
value, such as:
OU=SAN Controllers
OU is the attribute, and SAN Controllers is the value.
The following special characters used within an RDN value must be escaped using a backslash:
, + " \ < > ; = / CR and LF
For example:
Relative Base: OU=SAN Controllers
(No escapes necessary)
Relative Base: OU=SAN\+Controllers
(The plus character is escaped)
Relative Base: OU=Buildings A\,B\,C,OU=SAN \+Controllers
(Commas and plus sign are escaped except for the comma
separating the RDNs.)
• In the Storage Center Hostname field, type the fully qualified domain name (FQDN) of the Storage Center.
– For a single-controller Storage Center system, this is the fully qualified host name for the controller IP address.
– For a dual-controller Storage Center system, this is the fully qualified host name for the management IP address.
• In the LDAP Domain field, type the LDAP domain to search.
• In the Authentication Bind DN field, type the Distinguished Name or User Principal Name of the user that the Storage Center
uses to connect to and search the LDAP server.
• In the Authentication Bind Password field, type the password for the authentication bind Distinguished Name.
7 (Optional) Click Test Server to verify that the Storage Center can communicate with the specified directory servers using the
selected protocol.
8 (Optional) If Transport Layer Security (TLS) is enabled, upload a Certificate Authority PEM file.
a Click Upload Certificate Authority PEM.
b Browse to the location of the PEM file, select the file, and click Select. The Upload TLS Certificate dialog box opens.
NOTE: If you select the wrong PEM file, click Upload Certificate in the Upload TLS Certificate dialog box to select a
new file.
c Click OK to upload the certificate.
9 Click Next. The Kerberos Settings page opens.
10 (Optional) Select the Enabled checkbox to enable Kerberos authentication.
11 To change any of the Kerberos settings, clear the Auto-Discover checkbox, and then type a new value into that field.
• Kerberos Domain Realm: Kerberos domain realm to authenticate against. In Windows networks, this is the domain name in
uppercase characters.
• KDC Hostname or IP Address: Fully qualified domain name (FQDN) or IP address of the Key Distribution Center (KDC) to which
Storage Center will connect.
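The Relative Base escaping rules described above can be checked before the value is typed into the field. The following Python sketch is an added example, not part of the guide or of Storage Center; the function names are hypothetical, and it applies only the backslash rule and character list given in the Relative Base description.

```python
# Added example: function names are hypothetical, not Storage Center code.
# Characters the guide lists as needing a backslash inside an RDN value:
# , + " \ < > ; = / CR and LF
SPECIALS = set(',+"\\<>;=/\r\n')


def escape_rdn_value(value):
    """Backslash-escape every listed special character in a raw RDN value."""
    return "".join("\\" + ch if ch in SPECIALS else ch for ch in value)


def build_relative_base(rdns):
    """Join (attribute, raw value) pairs into a Relative Base string."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def split_relative_base(text):
    """Parse a Relative Base into (attribute, raw value) pairs.

    Only unescaped commas separate RDNs. Raises ValueError for an unescaped
    special character inside a value, a dangling backslash, or an empty RDN.
    """
    rdns, attr, buf, i = [], None, [], 0
    while i <= len(text):
        ch = text[i] if i < len(text) else ","  # sentinel comma flushes the last RDN
        if ch == "\\" and attr is not None:
            if i + 1 >= len(text):
                raise ValueError("dangling backslash at end of input")
            buf.append(text[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "=" and attr is None:
            attr, buf = "".join(buf).strip(), []
        elif ch == ",":
            if not attr:
                raise ValueError(f"RDN without attribute near position {i}")
            rdns.append((attr, "".join(buf)))
            attr, buf = None, []
        elif attr is not None and ch in SPECIALS:
            raise ValueError(f"unescaped {ch!r} at position {i}")
        else:
            buf.append(ch)
        i += 1
    return rdns


if __name__ == "__main__":
    # Constructed sample matching the guide's third Relative Base example.
    sample = [("OU", "Buildings A,B,C"), ("OU", "SAN +Controllers")]
    print(build_relative_base(sample))
```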
Storage Center Maintenance