Changing the AD Server Configuration

You can change all AD server properties except for the associated Cloud Admin group. Once an AD server has been associated with a group, it cannot be re-associated with a different group. If you are using LDAPS or LDAP with the STARTTLS option, you do not need to re-upload the AD server's CA certificate unless you change the server URL or you enable STARTTLS for an LDAP server connection.

  1. Log in to the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
  2. In the top menu bar, click Cloud.
  3. Navigate to the Active Directory tab.
  4. Click on the AD server you want to edit and select Actions > Edit Active Directory.
  5. In the Edit Add Active Directory Server dialog box, specify the options you want to use.

    | Field | Description |
    | --- | --- |
    | Cloud Admin Group | The Cloud Administration group with which this AD server is associated. You cannot change the group association. |
    | Server URL | The AD server IP address or hostname. Select LDAP:// or LDAPS:// from the drop-down list and enter the URL in the text field. To include a port number, specify :port after the name. For example, 10.238.66.33:389. Note: KeyControl does not support multiple AD servers defined in the same Server URL. If you want to use multiple AD servers, you need to add a separate entry for each server. |
    | STARTTLS | Enable this option if you want KeyControl to use the Transport Layer Security (TLS) protocol when communicating with the AD server. If you select this option, you must upload a CA certificate for the AD server. Note: This option is only available if the Server URL starts with LDAP://. |
    | Service Account | The account name that KeyControl should use when logging in to the AD server. The account is usually an administrative user, and it can have read-only permissions on the AD server. |
    | Service Account Password | The password for the Service Account. |
    | CA Certificate | If you changed the Server URL and you are using LDAPS:// or have selected the STARTTLS option for LDAP://, click Load File and select the CA certificate for the AD server. |

  6. When you are done, click Save.
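
A pre-flight check for the Server URL, STARTTLS and CA Certificate fields, as an added example that is not part of the KeyControl documentation or product: it applies the field rules above and uses openssl s_client to confirm that the chain the AD server presents verifies against the CA file you are about to upload. The function names and the ad-ca.pem file name are assumptions, and it assumes a hostname or IPv4 address and OpenSSL 1.1.1 or later (for -starttls ldap).

```bash
#!/usr/bin/env bash
# Added example (not vendor code). Function names and file names are hypothetical.

# Print the openssl s_client connection arguments for one AD server entry.
#   $1 scheme from the drop-down (LDAP or LDAPS)
#   $2 Server URL text field: hostname or IPv4 address, optional :port
#   $3 STARTTLS option (yes or no)
tls_check_args() {
    local scheme server="$2" starttls="$3" host port flag=""
    scheme=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$scheme:$starttls" in
        ldaps:no) port=636 ;;
        ldap:yes) port=389; flag=" -starttls ldap" ;;
        ldap:no)  echo "plain LDAP: no TLS, so no CA certificate is checked" >&2; return 3 ;;
        *)        echo "unsupported combination: STARTTLS is only available with LDAP://" >&2; return 2 ;;
    esac
    case "$server" in
        *:*) host=${server%%:*}; port=${server#*:} ;;
        *)   host=$server ;;
    esac
    # A comma, space or second colon means several servers or a malformed value.
    case "$host" in ""|*[!A-Za-z0-9.-]*)
        echo "expected one host[:port]; add a separate entry per AD server" >&2; return 2 ;;
    esac
    case "$port" in ""|*[!0-9]*)
        echo "port must be numeric" >&2; return 2 ;;
    esac
    printf '%s %s:%s%s\n' -connect "$host" "$port" "$flag"
}

# Exit status 0 only if the chain the server presents verifies against CA file $4.
verify_ad_cert() {
    local args
    args=$(tls_check_args "$1" "$2" "$3") || return
    # $args is unquoted on purpose: it holds only the validated host, port and flag.
    # shellcheck disable=SC2086
    openssl s_client $args -CAfile "$4" -verify_return_error </dev/null >/dev/null 2>&1
}

# Offline demonstration using the address from the Server URL description.
tls_check_args LDAP 10.238.66.33:389 yes

# Against a reachable server (ad-ca.pem is a hypothetical file name):
#   verify_ad_cert LDAP 10.238.66.33:389 yes ./ad-ca.pem && echo "chain verifies"
```

A non-zero status from verify_ad_cert means the handshake or chain verification failed, so KeyControl would not be able to trust the connection with that CA file either.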