Skip to main content

Access Management with directory services

For Access Management, administrators can use an LDAP (Lightweight Directory Access Protocol) server and a directory service, such as Microsoft's Active Directory.

Configuration workflow

If an LDAP server and directory service are used in the network, configuration works as follows:

  1. An administrator logs in to

    ThinkSystem System Manager with a user profile that includes Security Admin permissions.
    Note
    The admin user has full access to all functions in the system.

  2. The administrator enters the configuration settings for the LDAP server. Settings include the domain name, URL, and Bind account information.

  3. If the LDAP server uses a secure protocol (LDAPS), the administrator uploads a Certificate Authority (CA) certificate chain for authentication between the LDAP server and the storage array.

  4. After the server connection is established, the administrator maps the user groups to the storage array's roles. These roles are predefined and cannot be modified.

  5. The administrator tests the connection between the LDAP server and the storage array.

  6. Users log in to the system with their assigned LDAP/Directory Services credentials.

Management

When using directory services for authentication, administrators can perform the following management tasks:

  • Add a directory server.

  • Edit directory server settings.

  • Map LDAP users to local user roles.

  • Remove a directory server.