Tech Notes : (Less Common) Connect Pano Manager To Directory Services

(Less Common) Connect Pano Manager To Directory Services
If your directory service doesn’t work when you configure it as outlined in Connect Pano Manager To Directory Services, perform the following procedure, which takes less common environments into account.
The Pano Manager relies on the directory service for user authentication. You need to set up the Pano Manager to read your directory service. When connecting to your directory service, you can specify a particular server or, if you are using Active Directory, you can let DNS determine the domain controller.
For a list of supported directory services, go to Supported Directory Services.
Recommendation: For higher security, connect via ldaps (LDAP over SSL). The Pano Manager also supports unencrypted connections via LDAP.
To set up Directory Service integration for Novell eDirectory/OpenLDAP:
When using Novell eDirectory or OpenLDAP, keep in mind the following:
The Pano Manager tests security group membership using the user’s groupMembership attribute. If this attribute is not present, the Pano Manager tests group membership using the group’s member attribute.
The person's uid attribute is used for authentication.
1.
2. Click on the Setup tab.
3. In the Directory Configuration area, type the URL for the LDAP server, using the following form:
Example:
4. In the Directory Configuration area, type the user principal name (UPN) of the account to be used to connect to the directory server. The user name under Directory Configuration must be in one of the following forms:
or
The UPN is an internet-style login name for the user. The account needs to have read access to all portions of the directory used to authenticate users of the DVMs.
For user authentication service you can typically use any username that has the privileges or permissions to browse your AD/LDAP tree in order to authenticate users. Many Pano Logic customers simply use a regular account.
Example:
5. In the Directory Configuration area, type the account's password, then click Configure.
6. When connected, in the Directory Configuration area, click Browse, then browse the virtualization hierarchy to confirm that the account has the proper access privileges.
If you receive connection errors, details can be found under the Log tab or by hovering over the connection status field on the Setup tab.
Troubleshooting: Go to Troubleshoot Authentication and Directory Services Problems.
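The group-membership rule from the eDirectory/OpenLDAP notes above, as an added example (not Pano Manager code). It applies the rule literally and reports users whose groupMembership attribute contradicts the group's member list, which is where access decisions can differ from what an administrator expects. The entries, the DN normalization and the function names are assumptions made for illustration.

```python
def norm_dn(dn):
    # Simplified DN comparison (assumption): case-insensitive, spaces around
    # commas ignored; escaped commas inside values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_group_member(user, group):
    """Apply the page's rule; return (is_member, attribute_consulted)."""
    if "groupMembership" in user:
        # Attribute present: the user's own list decides, even if it is stale.
        listed = {norm_dn(dn) for dn in user["groupMembership"]}
        return norm_dn(group["dn"]) in listed, "groupMembership"
    # Attribute absent: fall back to the group's member attribute.
    members = {norm_dn(dn) for dn in group.get("member", [])}
    return norm_dn(user["dn"]) in members, "member"


def find_disagreements(users, group):
    """List user DNs whose groupMembership contradicts the group's member list."""
    members = {norm_dn(dn) for dn in group.get("member", [])}
    drift = []
    for user in users:
        decided, source = is_group_member(user, group)
        if source == "groupMembership" and decided != (norm_dn(user["dn"]) in members):
            drift.append(user["dn"])
    return drift


# Constructed entries (not from a real directory).
GROUP = {"dn": "cn=PanoUsers,ou=Groups,o=example",
         "member": ["uid=bob,ou=People,o=example", "uid=carol,ou=People,o=example"]}
ALICE = {"dn": "uid=alice,ou=People,o=example",
         "groupMembership": ["CN=PanoUsers, OU=Groups, O=example"]}
BOB = {"dn": "uid=bob,ou=People,o=example"}  # no groupMembership attribute
CAROL = {"dn": "uid=carol,ou=People,o=example",
         "groupMembership": ["cn=Staff,ou=Groups,o=example"]}

if __name__ == "__main__":
    for entry in (ALICE, BOB, CAROL):
        print(entry["dn"], is_group_member(entry, GROUP))
    print("disagreements:", find_disagreements([ALICE, BOB, CAROL], GROUP))
```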
To set up Directory Service integration for Active Directory:
1.
2. Click on the Setup tab.
3. In the Directory Configuration area, type the URL for the directory service by doing one of the following:
(Option #1) For best performance with Active Directory and if you have a multidomain environment, specify a domain controller that is a Global Catalog Server. By default the Global Catalog runs on port 3268 in unencrypted mode and on 3269 in encrypted mode. Therefore, the URL is ldaps://dirserver1.yourdomain.com:3269 for encrypted mode and ldap://dirserver1.yourdomain.com:3268 for unencrypted mode. Consult your Active Directory administrator if the Global Catalog runs on a different server or if it is configured to run on a different port.
A list of URLs can be supplied (separated by spaces). The Pano Manager tries the URLs in the order that they appear in the list. The first successful connection will be used.
The Pano Manager queries the directory server for the default naming context that will be used for queries. If you need to use a different naming context, you can specify it after the host name in the URL.
(Option #2) To have DNS determine the domain controller, and if you are using Active Directory, type a URL of the following form.
Example #1:
Example #2:
If you specify the domain name, the Pano Manager queries every domain controller in the domain until one answers.
(Option #3) To specify the specific domain controller, type a URL of the following form:
Example:
4. In the Directory Configuration area, type the user principal name (UPN) of the account to be used to connect to the directory server. The user name under Directory Configuration must be in one of the following forms:
or
The UPN is an internet-style login name for the user. The account needs to have read access to all portions of the directory used to authenticate users of the DVMs.
For user authentication service you can typically use any username that has the privileges or permissions to browse your AD/LDAP tree in order to authenticate users. Many Pano Logic customers simply use a regular account.
Example:
5. In the Directory Configuration area, type the account's password, then click Configure.
6. When connected, in the Directory Configuration area, click Browse, then browse the virtualization hierarchy to confirm that the account has the proper access privileges.
If you receive connection errors, details can be found under the Log tab or by hovering over the connection status field on the Setup tab.
Troubleshooting: Go to Troubleshoot Authentication and Directory Services Problems.
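A pre-flight check for the space-separated URL list described in Option #1, as an added example (not part of Pano Manager). Because the first URL that connects is used, a list that mixes ldaps:// and ldap:// can end up on an unencrypted connection when the encrypted entries fail; the check also flags a scheme paired with the other mode's default Global Catalog port. The hosts dirserver2 and dirserver3, the function name and the finding codes are assumptions.

```python
from urllib.parse import urlsplit

# Global Catalog defaults stated on this page: 3268 unencrypted, 3269 encrypted.
GC_PORT = {"ldap": 3268, "ldaps": 3269}

# Constructed sample list; dirserver2 and dirserver3 are made-up hosts.
SAMPLE = ("ldaps://dirserver1.yourdomain.com:3269 "
          "ldap://dirserver2.yourdomain.com:3268/dc=yourdomain,dc=com "
          "ldaps://dirserver3.yourdomain.com:3268")


def audit_directory_urls(url_list):
    """Parse a space-separated URL list in connection order.

    Returns (entries, findings); each finding is (position, code, detail),
    with position 0 for findings about the list as a whole.
    """
    entries, findings = [], []
    for pos, raw in enumerate(url_list.split(), start=1):
        try:
            parts = urlsplit(raw)
            scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
        except ValueError as exc:  # malformed port or host
            findings.append((pos, "invalid", f"{raw}: {exc}"))
            continue
        if scheme not in GC_PORT or not host:
            findings.append((pos, "invalid", f"{raw}: expected ldap:// or ldaps://"))
            continue
        # The page says a naming context may follow the host name in the URL.
        context = parts.path.lstrip("/") or None
        entries.append({"pos": pos, "scheme": scheme, "host": host,
                        "port": port, "naming_context": context})
        if scheme == "ldap":
            findings.append((pos, "cleartext", f"{raw}: unencrypted LDAP"))
        other = "ldaps" if scheme == "ldap" else "ldap"
        if port == GC_PORT[other]:
            findings.append((pos, "port-mismatch",
                             f"{raw}: {port} is the default Global Catalog port for {other}://"))
    if {e["scheme"] for e in entries} == {"ldap", "ldaps"}:
        # First successful connection wins, so a failing ldaps:// entry
        # lets the connection fall through to an ldap:// entry.
        findings.append((0, "mixed-schemes",
                         "list mixes ldaps:// and ldap://; the first URL that connects is used"))
    return entries, findings


if __name__ == "__main__":
    for finding in audit_directory_urls(SAMPLE)[1]:
        print(finding)
```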
 

v2.5.1