Administrator Guide
The Data Collector view is displayed.
4 Click the Environment tab and then select the Directory Service subtab.
5 Click Edit.
The Service Settings dialog box opens.
6 Congure LDAP settings.
a Select the Enabled checkbox.
b In the Domain eld, type the name of the domain to search.
NOTE: If the server that hosts the Data Collector belongs to a domain, the Domain eld is automatically populated.
c In the Authentication Bind DN eld, type the Distinguished Name or User Principal Name of the user that the Data Collector
uses to connect to and search the LDAP server. The user name Administrator is not allowed.
• Example Distinguished Name: CN=Firstname Lastname,CN=users,DC=corp,DC=Company,DC=COM
• Example User Principal Name: username@example.com
d In the Authentication Bind Password eld, type the password for the auth bind Distinguished Name.
e If you modied the Domain eld, click Discover to locate the directory service for the specied domain.
7 (Optional) Manually congure the directory service settings.
a From the Type drop-down menu, select Active Directory or OpenLDAP.
b In the Directory Servers eld, type the fully qualied domain name (FQDN) of each directory server on a separate line.
NOTE: To verify that the Data Collector can communicate with the specied directory server(s) using the selected
protocol, click Test.
c In the Base DN eld, type the base Distinguished Name for the LDAP server. This name is the starting point when searching for
users.
d In the Connection Timeout eld, type the maximum time (in minutes) that the Data Collector will wait while attempting to
connect to an LDAP server.
8 (Optional) Congure Kerberos authentication. To allow users to log in with the Client automatically using his or her Windows session
credentials, Kerberos authentication must be congured.
a Select the Kerberos Enabled checkbox.
b In the Kerberos Domain Realm eld, type the Kerberos realm to authenticate against. In Windows networks, this realm is usually
the Windows domain name in uppercase characters.
c (OpenLDAP only) Type the host name or IP address of the Key Distribution Center (KDC) in the KDC Host Name or IP Address
eld.
d In the Data Collector Host Name eld, type the fully qualied domain name (FQDN) of the server that hosts the Data Collector.
9 (Optional — Open LDAP only) If Transport Layer Security (TLS) is enabled, upload a Certicate Authority PEM le...
a Browse to the location of the PEM le, select the le, and click Open. .
The Upload TLS Certicate dialog box opens.
NOTE
: If you select the wrong PEM le, click Upload Certicate in the Upload TLS Certicate dialog box to select a
new le
b c. Click OK to upload the certicate.
10 (Active Directory Only) To register the Data Collector on the domain, select Register the Data Collector on the domain.
a Type the user name and password of a domain administrator.
The user name Administrator is not allowed. These credentials are used only to register the Data Collector and are not saved.
b Click OK.
11 To use an existing service account, select Use an existing service account for joining the domain.
a Type the user name and password for the service account.
NOTE
: The existing service account must include a
servicePrincipalName
attribute with the following values in the
form:
HTTP/<host name>dc.<domain>@<realm>
HTTP/<host name>dc.<domain>
These values can be set using the Microsoft setspn.exe tool or the equivalent.
Storage Manager User Management 689