Associating an AD Server with a Cloud Administration Group

If you want to add AD users and groups to the permissions lists for your Windows Access Control Policies, you need to associate at least one AD server with each Cloud Administration group in which you plan to create these policies. After you have associated the AD server with the Cloud Administration group, Cloud Admins can select the appropriate AD domain for each user from a drop-down list.

If you want to use the same AD server for multiple groups, you need to associate the server with each one of the groups individually. There is no default AD server association.

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
  2. In the top menu bar, click Cloud.
  3. Navigate to the Active Directory tab.
  4. Select Actions > Add Active Directory.
  5. In the Add Active Directory Server dialog box, specify the options you want to use.

    | Field | Description |
    | --- | --- |
    | Cloud Admin Group | Select the Cloud Administration group with which this AD server should be associated. Note: You cannot change the group name after you save the AD server. |
    | Server URL | The AD server IP address or hostname. Select LDAP:// or LDAPS:// from the drop-down list and enter the URL in the text field. To include a port number, specify :port after the name. For example, 10.238.66.33:389. Note: KeyControl does not support multiple AD servers defined in the same Server URL. If you want to use multiple AD servers, you need to add a separate entry for each server. |
    | STARTTLS | Enable this option if you want KeyControl to use the Transport Layer Security (TLS) protocol when communicating with the AD server. If you select this option, you must upload a CA certificate for the AD server. Note: This option is only available if the Server URL starts with LDAP://. |
    | Service Account | The account name that KeyControl should use when logging into the AD server. The account is usually an administrative user; it can have read-only permissions on the AD server. |
    | Service Account Password | The password for the Service Account. |
    | CA Certificate | If you are using LDAPS:// or have selected the STARTTLS option for LDAP://, click Load File and select the CA certificate for the AD server. |

  6. When you are done, click Add.
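As an added example that is not KeyControl's own code, the following Python validator applies the Server URL, STARTTLS and CA Certificate rules from the table above to a proposed entry before it is saved, and flags an entry that would send the Service Account bind over cleartext LDAP. The ADServerConfig class, the function names and the default ports 389/636 are assumptions, not part of the product.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ports assumed when the Server URL carries no :port suffix (the standard
# LDAP and LDAPS ports; the page's own example spells the port out).
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}


@dataclass
class ADServerConfig:
    """Hypothetical model of the Add Active Directory Server dialog fields."""
    server_url: str                       # e.g. "LDAP://10.238.66.33:389"
    starttls: bool = False                # the STARTTLS checkbox
    ca_certificate: Optional[str] = None  # PEM text chosen with Load File


def parse_server_url(url: str) -> Tuple[str, str, int]:
    """Split 'LDAP://host[:port]' or 'LDAPS://host[:port]' into (scheme, host, port).
    Exactly one IPv4 address or hostname is accepted: a list of servers in one
    field is rejected, matching the KeyControl rule of one entry per server."""
    m = re.fullmatch(r"(?i)(ldaps?)://([A-Za-z0-9.-]+)(?::(\d{1,5}))?", url.strip())
    if not m:
        raise ValueError(f"Server URL must be LDAP://host[:port] or LDAPS://host[:port], got {url!r}")
    scheme, host = m.group(1).upper(), m.group(2)
    port = int(m.group(3)) if m.group(3) else DEFAULT_PORTS[scheme]
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in Server URL {url!r}")
    return scheme, host, port


def validate(cfg: ADServerConfig) -> List[str]:
    """Return the problems with an entry; an empty list means it follows the
    dialog's rules and the Service Account bind will be protected by TLS."""
    try:
        scheme, host, port = parse_server_url(cfg.server_url)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if cfg.starttls and scheme != "LDAP":
        problems.append("STARTTLS is only available when the Server URL starts with LDAP://")
    tls = scheme == "LDAPS" or cfg.starttls
    if tls and not cfg.ca_certificate:
        problems.append("LDAPS:// and LDAP:// with STARTTLS require the AD server's CA certificate")
    if not tls:
        problems.append(f"{scheme}://{host}:{port} without STARTTLS sends the Service Account bind in cleartext")
    return problems


if __name__ == "__main__":
    print(validate(ADServerConfig("LDAP://10.238.66.33:389")))
```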