Integrate Open LDAP

Prerequisites

• Open LDAP sever with required configuration should exist in your system.

• Users and groups that you want to integrate with Portworx backup Keycloak should exist on your LDAP setup.

Integrate with Portworx Backup Keycloak

To integrate your LDAP users and groups with Portworx Backup Keycloak:

1. Login to Portworx Backup Keycloak web console with the following URL:

   http://NODE_IP:NODE_PORT/auth/

   Refer Configure access to web console topic for more information.

2. Log-in with valid and active user credentials.

3. In the left navigation pane of home page, under Configure click User Federation:

   

4. From the User Federation page, select Add LDAP providers.

   

5. In the Add LDAP provider page, provide the required Active Directory configuration details.

   • General Options
     • UI display name: enter ldap
     • Vendor: choose Active Directory from the drop-down
   
   
   
   • Connection and Authentication Settings
     • Connection URL: enter the LDAP server URL
     • Enable StartTLS: toggle to Off
     • Use Truststore SPI: select Only for ldaps
     • Connection pooling: toggle to Off
     • Connection timeout: enter a suitable timeout value (in seconds)

6. Click Test connection to verify the connection settings.

   • Additional Authentication Settings
     • Bind type: select simple
     • Bind DN: enter the distinguished name (DN) for the LDAP bind
     • Bind credentials: enter the bind credentials (password)

7. Click Test authentication to verify the bind credentials.

   
   
   • LDAP Searching and Updating
     • Edit mode: select the desired edit mode from the drop-down
     • Users DN: enter the DN for the users
     • Username LDAP attribute: enter cn
     • RDN LDAP attribute: enter cn
     • UUID LDAP attribute: enter objectGUID
     • User object classes: enter person, organizationalPerson, user
     • User LDAP filter: enter any specific filter if required
     • Search scope: select One Level
     • Read timeout: enter a suitable timeout value (in seconds)
     • Pagination: toggle to Off
   
   
   

   • Synchronization Settings

     • Import users: toggle to On
     • Sync Registrations: toggle to On
     • Batch size: enter the batch size for synchronization
     • Periodic full sync: toggle to Off (if not needed)
     • Periodic changed users sync: toggle to Off (if not required)

   • Kerberos Integration:

     • Allow Kerberos authentication: toggle to Off
     • Use Kerberos for password authentication: toggle to Off
   
   
   

   • Cache Settings:

     • Cache policy: select DEFAULT

   • Advanced Settings

     • Enable the LDAPv3 password modify extended operation: toggle to Off
     • Validate password policy: toggle to Off
     • Trust email: toggle to Off

8. Now click Query Supported Extensions to retrieve any supported LDAP extensions.

9. Finally, click Save to integrate your Open LDAP users with Portworx Backup Keycloak.

   This step successfully integrates the Active directory with Keycloak. In other words, you have established a successful connection between Open LDAP and Portworx Backup Keycloak.