Setting up User Federation with CNC Console IAM (LDAP Server integration)
- Go to the CNCC IAM console at
http://<cncc-iam-ingress-ip>:<cncc-iam-ingress-port> and
log in using the admin credentials provided during installation of CNCC IAM.
- Select Realm Settings and
click Add realm under
Cncc. Click User Federation in the left pane. The User Federation screen
appears in the right pane.
- From the drop-down list in the User Federation screen, select ldap. The Add user federation
provider screen appears.
- Fill the following parameters:
- Console Display Name: Enter the display name.
- Vendor: Enter the LDAP server provider name for the company.
Note:
This usually fills in the defaults for many of the fields. If your setup differs from the defaults, enter the correct values. The current setup is Spring embedded LDAP, so select the last option, "Other", from the drop-down list. This fills in many of the required fields.
- Most companies have the UUID LDAP attribute value set as "entryUUID". If you don't have this field, then just use another unique identifier.
- Provide company LDAP server details.
- If LDAP is secured, provide the admin bind username and password; otherwise, select Bind-type as "none".
- Click "Test Connection" and "Test Authentication".
- Set Cache policy as "NO_CACHE".
- After filling the required fields, the screen appears as below. Click Save.
- New buttons (Synchronize changed users, Synchronize all users, Remove
imported, Unlink users) appear next to Save and Cancel.
- If a user has to be imported to CNCC-IAM, click Synchronize all users. If
the synchronization is successful, the success message appears. If the
synchronization fails, check the troubleshooting section and look at the
cncc-iam logs in debug mode.
- To view the imported users, click Users under Manage
in the left pane, then click View all users in the right pane. The list of
users and details appears.
Note:
Steps 8 and 9 are optional.
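
A check to run before Synchronize all users, for the UUID LDAP attribute choice described in the parameters above. This is an added example, not part of the CNC Console documentation or product. It parses an LDIF export of the user subtree and reports entries where the candidate attribute is missing, multi-valued or shared between users. The sample LDIF, the DNs and the function names are constructed for illustration, and the export is assumed to have requested the operational attribute explicitly.

```python
import base64
from collections import Counter

# Constructed sample export (not from a real directory), operational attribute included.
SAMPLE_LDIF = """\
dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
entryUUID: 22222222-2222-2222-2222-222222222222

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol

dn: uid=dave,ou=people,dc=example,dc=com
uid: dave
entryUUID:: MjIyMjIyMjItMjIyMi0yMjIyLTIyMjItMjIyMjIyMjIyMjIy
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    entries, current = [], {}
    # A line starting with a single space continues the previous line.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():              # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.lower(), []).append(rest.strip())
    return entries

def check_uuid_attribute(entries, attr="entryUUID"):
    """Flag entries where the candidate attribute is missing, multi-valued or shared."""
    key = attr.lower()
    users = [e for e in entries if "dn" in e]     # skips a leading "version: 1" block
    counts = Counter(v.lower() for e in users for v in e.get(key, []))
    missing = [e["dn"][0] for e in users if not e.get(key)]
    multi = [e["dn"][0] for e in users if len(e.get(key, [])) > 1]
    shared = [e["dn"][0] for e in users if any(counts[v.lower()] > 1 for v in e.get(key, []))]
    return {"missing": missing, "multi_valued": multi, "shared": shared,
            "usable": not (missing or multi or shared)}

if __name__ == "__main__":
    print(check_uuid_attribute(parse_ldif(SAMPLE_LDIF)))
```

In the constructed sample, entryUUID is rejected because one entry lacks it and two entries share a value (one of them base64-encoded), while `check_uuid_attribute(entries, attr="uid")` reports uid as usable.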