Versions Compared

Old Version 5

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version 6

changes.mady.by.user Viktoryia Varapayeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NetMRI uses internal and external authentication systems to control user authentication for performing all administrative tasks. For a simple rollout, you can use the NetMRI local authentication database, which is called the local authentication service, where all user accounts and login information are contained within the appliance. You can also link NetMRI to an external Active Directory, RADIUS, TACACS+, LDAP, SAML, or OCSP authentication server or server group in the enterprise network to perform user authentication and authorization for NetMRI tasks, using the same user roles and privileges defined on the local NetMRI system. Doing so requires creating new authentication services in NetMRI.

Anchor
bookmark214
bookmark214

...

  1. Go to the Settings icon –> General Settings section –> Authentication Services page.
  2. Enter the Name and Description.
  3. Set the Priority and Timeout of the LDAP service.
  4. Choose LDAP as the Service Type. The Service Specific Information pane updates to show the required LDAP settings.
  5. Enter the Base DN value for the new LDAP service (example: ou=management, dc=corp100, dc=comlocal). Users' definitions may be split between two or more Base DNs, so be aware of how the directory service is structured.
  6. Enter the User Attribute. This will typically be cn for 'common name,' which is one of the components of the LDAP Distinguished Name attribute.
  7. Enter the Group Attribute, which will typically be specified as memberOf for NetMRI. This defines the group membership in the LDAP tree for individual user accounts in LDAP. NetMRI uses this attribute to retrieve the LDAP group name to which the users belong. The LDAP group will be mapped to NetMRI users group (see the Remote Groups tab).
    Example:

...

Username: ******
Password:******
Process Started
2015-05-01 17:41:59 ------------------------------------------------------
2015-05-01 17:41:59 +++ BEGIN testing access to authentication servers +++
2015-05-01 17:41:59 +++ LDAP connection: username='jsmith', address='ldaps://172.16.23.2', port='636', certPath='/var/local/netmri/certs/ca_repo/1430516467.501615.pem', version ='', timeout='5' +++
2015-05-01 17:41:59 Anonymous bind
2015-05-01 17:41:59 Authentication successful.
2015-05-01 17:41:59 Authenticate user 'cn=jsmith,ou=People,dc=corp100,dc=comlocal' with 'inet6 => Y'...
2015-05-01 17:41:59 Authentication successful.
2015-05-01 17:41:59 Groups: ['administrators', 'dev']
2015-05-01 17:41:59 +++ END testing access to authentication servers +++
2015-05-01 17:41:59 ------------------------------------------------------
Authentication Test Completed

...

NetMRI SAML Attribute KeySAML Attribute ValueDescriptionExample

uid

username

User name as specified in the IDP user record.

jdoe

urn:oid:1.2.840.113549.1.9.1 or mail

mail

This is the person’s Email ID in the IDP user record.

jdoe@example.com

urn:oid:2.5.4.42 or givenName

givenName

Given name (first name) as specified in the IDP user record.

john

urn:oid:2.5.4.4 or surname

surname

Surname (last name) as specified in the IDP user record.

doe
Group AttributeCustom group attributeUser's relation to the organization or group.

memberOf

eduPersonAffiliation


To configure a NetMRI SAML authentication service, complete the following:

...