Administrator Guide

The Data Collector view is displayed.
4 Click the Environment tab and then select the Directory Service subtab.
5 Click Edit.
The Service Settings dialog box opens.
6 Congure LDAP settings.
a Select the Enabled checkbox.
b In the Domain eld, type the name of the domain to search.
NOTE: If the server that hosts the Data Collector belongs to a domain, the Domain eld is automatically populated.
c In the Authentication Bind DN eld, type the Distinguished Name or User Principal Name of the user that the Data Collector
uses to connect to and search the LDAP server. The user name Administrator is not allowed.
Example Distinguished Name: CN=Firstname Lastname,CN=users,DC=corp,DC=Company,DC=COM
Example User Principal Name: username@example.com
d In the Authentication Bind Password field, type the password for the auth bind Distinguished Name.
e If you modified the Domain field, click Discover to locate the directory service for the specified domain.
7 (Optional) Manually configure the directory service settings.
a From the Type drop-down menu, select Active Directory or OpenLDAP.
b In the Directory Servers field, type the fully qualified domain name (FQDN) of each directory server on a separate line.
NOTE: To verify that the Data Collector can communicate with the specified directory server(s) using the selected
protocol, click Test.
c In the Base DN field, type the base Distinguished Name for the LDAP server. This name is the starting point when searching for
users.
d In the Connection Timeout field, type the maximum time (in minutes) that the Data Collector will wait while attempting to
connect to an LDAP server.
8 (Optional) Congure Kerberos authentication. To allow users to log in with the Client automatically using his or her Windows session
credentials, Kerberos authentication must be congured.
a Select the Kerberos Enabled checkbox.
b In the Kerberos Domain Realm field, type the Kerberos realm to authenticate against. In Windows networks, this realm is usually
the Windows domain name in uppercase characters.
c (OpenLDAP only) Type the host name or IP address of the Key Distribution Center (KDC) in the KDC Host Name or IP Address
field.
d In the Data Collector Host Name field, type the fully qualified domain name (FQDN) of the server that hosts the Data Collector.
9 (Optional — OpenLDAP only) If Transport Layer Security (TLS) is enabled, upload a Certificate Authority PEM file...
a Browse to the location of the PEM file, select the file, and click Open.
The Upload TLS Certificate dialog box opens.
NOTE: If you select the wrong PEM file, click Upload Certificate in the Upload TLS Certificate dialog box to select a new file.
b Click OK to upload the certificate.
10 (Active Directory Only) To register the Data Collector on the domain, select Register the Data Collector on the domain.
a Type the user name and password of a domain administrator.
The user name Administrator is not allowed. These credentials are used only to register the Data Collector and are not saved.
b Click OK.
11 To use an existing service account, select Use an existing service account for joining the domain.
a Type the user name and password for the service account.
NOTE: The existing service account must include a servicePrincipalName attribute with the following values in the form:
HTTP/<host name>dc.<domain>@<realm>
HTTP/<host name>dc.<domain>
These values can be set using the Microsoft setspn.exe tool or the equivalent.
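The servicePrincipalName requirement in the note above can be checked before the existing service account is selected. The following PowerShell is an added example, not taken from this guide or from the product; the account name svc-datacollector is hypothetical, and the SPN strings are the guide's placeholders and must be replaced with real values.

```powershell
# Added example: confirm that the service account carries the SPN values
# the Data Collector needs. Run from a domain-joined Windows host.

# Assumption: hypothetical account name; replace with the real service account.
$ServiceAccount = 'svc-datacollector'

# Placeholders in the form given in the guide; replace with the real values.
$RequiredSpns = @(
    'HTTP/<host name>dc.<domain>@<realm>',
    'HTTP/<host name>dc.<domain>'
)

# setspn -L lists the SPNs registered on one account.
# The SPN entries are the indented lines below the header line.
$listing = & setspn.exe -L $ServiceAccount
$registered = @(
    $listing |
        Where-Object { $_ -match '^\s+\S' } |
        ForEach-Object { $_.Trim() }
)

$missing = @()
foreach ($spn in $RequiredSpns) {
    # -contains compares strings without regard to case
    if ($registered -contains $spn) {
        Write-Output "OK       $spn"
    } else {
        Write-Output "MISSING  $spn"
        $missing += $spn
    }
}

if ($missing.Count -gt 0) {
    Write-Output ''
    Write-Output 'Commands to add the missing values (-S checks for duplicates first):'
    foreach ($spn in $missing) {
        Write-Output "  setspn.exe -S `"$spn`" $ServiceAccount"
    }
}

# setspn -X reports SPNs that are registered on more than one account.
# A duplicate of either value above causes Kerberos authentication to fail.
& setspn.exe -X
```

The script only reads directory data and prints the setspn -S commands instead of running them, so it can be run with an ordinary domain account before an administrator makes any change.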
Storage Manager User Management 689