LDAP
LDAP (Lightweight Directory Access Protocol) used by CSA is configured in the Cloud Service Management Console.
LDAP is used to:
- Authenticate a user's login to the Cloud Service Management Console or Marketplace Portal
- Authenticate a user's access to information
- Authorize a user's access to information
To completely configure access to CSA, you must configure LDAP to authenticate a user's login, configure LDAP for an organization to authenticate a user's access to information, and configure access control for an organization to authorize a user's access to information.
From this page you can:
- Configure LDAP for authentication to log in to CSA.
- Configure LDAP to access information in CSA.
When you configure LDAP for the provider organization, you are configuring the set of users who can log in and be authenticated to perform actions in the Cloud Service Management Console. And, when you configure LDAP for the consumer organization, you are configuring the set of users who can log in and be authenticated to perform actions in the Marketplace Portal.
To configure authorization to access information in CSA for organizations, see Access control.
For more information about organizations, see What are organizations?
To configure LDAP
Note: If you are configuring CSA to be compliant with FIPS 140-2, configure CSA for FIPS 140-2 compliance before configuring this item. Refer to the Cloud Service Automation FIPS 140-2 Compliance Configuration Guide for more information.
- In the organization's navigation frame, select LDAP.
- Provide or update the following information:
Note: The LDAP configuration fields are unavailable for editing when the csa.ldapReadOnly property is enabled. For information about the property, see the Cloud Service Automation Configuration Guide. For information about the LDAP Configuration Tool, used to configure the LDAP access point from the command line, see the Cloud Service Automation LDAP Configuration Tool guide.
LDAP Server Information
Configure the LDAP server and a user with access to the server.
Item | Description |
---|---|
Hostname | The fully-qualified LDAP server domain name (server.domain.com) or IP address. Example: ldap.xyz.com |
Port | The port used to connect to the LDAP server (by default, 389). Example: 389 |
Connection Security | If the LDAP server is configured to require ldaps (LDAP over SSL), select the SSL checkbox. |
Base DN | Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search. Example: o=xyz.com |
User ID (Full DN) | The fully distinguished name of any user with authentication rights to the LDAP server. If the LDAP server does not require a User ID or password for authentication, this value can be omitted. Example: uid=admin@xyz.com,ou=People,o=xyz.com |
Password | Password of the User ID. If the LDAP server does not require a User ID or password for authentication, this value can be omitted. |
LDAP Attributes
Enter the names of the attributes whose values are used for email notifications, authentication, and approvals in CSA.
Item | Description |
---|---|
User Email | The name of the attribute of a user object that designates the email address of the user. The email address is used for notifications. If a value for this attribute does not exist for a user, the user does not receive email notifications. Default: mail |
Group Membership | The name of the attribute(s) of a group object that identifies a user as belonging to the group. If multiple attributes convey group membership, the attribute names should be separated by a comma. Default: member,uniqueMember |
Manager Identifier | The name of the attribute of a user object that identifies the manager of the user. Default: manager |
Manager Identifier Value | The name of the attribute of a user object that describes the value of the Manager Identifier's attribute. For example, if the value of the Manager Identifier attribute is a distinguished name (such as cn=John Smith, ou=People, o=xyz.com) then the value of this field could be dn (distinguished name). Or, if the Manager Identifier is an email address (such as admin@xyz.com) then the value of this field could be email. Default: dn |
User Avatar | LDAP attribute whose value is the URL to a user avatar image that will display for the logged in user in the Marketplace Portal. If no avatar is specified, a default avatar will be used. |
User Login Information
CSA uses a user search-based login method to authenticate access to information.
Item | Description |
---|---|
User Name Attribute | The name of the attribute of a user object that contains the username that will be used to log into the Cloud Service Management Console or Marketplace Portal. The value for this field can be determined by looking at one or more user objects in the LDAP directory to determine which attribute consistently contains a unique user name. Often, you will want a User Name Attribute whose value in a user object is an email address. Examples: userPrincipalName or sAMAccountName or uid |
User Search Base | The location in the LDAP directory where users' records are located. This location should be specified relative to the Base DN. If users are not located in a common directory under the Base DN, leave this field blank. Examples: cn=Users or ou=People |
User Search Filter | Specifies the general form of the LDAP query used to identify users during login. It must include the pattern {0}, which represents the user name entered by the user when logging in to the Cloud Service Management Console or Marketplace Portal. The filter is generally of the form <attribute>={0}, with <attribute> typically corresponding to the value entered for User Name Attribute. Examples: userPrincipalName={0} or sAMAccountName={0} or uid={0} |
Search Option (Search Subtree) | When a user logs in to the Cloud Service Management Console or Marketplace Portal, the LDAP directory is queried to find the user’s account. The Search Subtree setting controls the depth of the search under User Search Base. If you want to search for a matching user in the User Search Base and all subtrees under the User Search Base, leave the Search Subtree checkbox selected. If you want to restrict the search for a matching user to only the User Search Base, excluding any subtrees, unselect the Search Subtree checkbox. |
- Click Save.
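The following added example (not CSA code and not taken from the product) shows how the User Search settings above combine into one directory query, and why the login name substituted for {0} must be escaped per RFC 4515 so that characters such as * or ( are matched literally. The function names, the parenthesised filter form and the mapping of an unselected Search Subtree checkbox to one-level scope are assumptions made for illustration.

```python
# Added illustration, not CSA code: expanding a User Search Filter template.
# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it is matched literally, never parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search(base_dn, user_search_base, filter_template,
                      login_name, search_subtree=True):
    """Return the base, scope and filter for the login-time user lookup."""
    if "{0}" not in filter_template:
        raise ValueError("User Search Filter must include the {0} pattern")
    # User Search Base is relative to Base DN; blank means search from Base DN.
    rel = user_search_base.strip()
    base = f"{rel},{base_dn}" if rel else base_dn
    flt = filter_template.replace("{0}", escape_filter_value(login_name))
    if not flt.startswith("("):
        flt = f"({flt})"  # RFC 4515 string form is parenthesised
    # Assumption: an unselected Search Subtree checkbox maps to one-level scope.
    scope = "subtree" if search_subtree else "onelevel"
    return {"base": base, "scope": scope, "filter": flt}


def pick_unique_entry(entries):
    """Fail the login unless exactly one directory entry matched the filter."""
    if len(entries) != 1:
        raise LookupError(f"expected 1 matching user, found {len(entries)}")
    return entries[0]


if __name__ == "__main__":
    # Constructed inputs using the example values from this page.
    for name in ("jsmith", "j*(smith)"):
        print(build_user_search("o=xyz.com", "ou=People", "uid={0}", name))
```

The uniqueness check reflects the guidance above to pick a User Name Attribute that consistently contains a unique user name: a filter that matches several entries is a configuration problem, not a successful login.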
Example LDIF Content Record
The following is a sample LDIF (LDAP Data Interchange Format) content record that shows the uniqueMember group membership attribute being used to define users cn=User1,ou=providers,ou=users,ou=system and cn=Manager1,ou=managers,ou=users,ou=system as members of the group cn=ResourceSupplyManagers,ou=providergrp,ou=groups,ou=system.
dn: cn=ResourceSupplyManagers,ou=providergrp,ou=groups,ou=system
objectclass: groupOfUniqueNames
objectclass: top
cn: ResourceSupplyManagers
uniqueMember: cn=User1,ou=providers,ou=users,ou=system
uniqueMember: cn=Manager1,ou=managers,ou=users,ou=system
To assign this group or DN to the Resource Supply Manager Role, go to the Access Control section of the Administration area and add the cn=ResourceSupplyManagers,ou=providergrp,ou=groups,ou=system DN to the Resource Supply Manager role.
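To check that the Group Membership setting (member,uniqueMember by default) matches how your directory stores members before assigning a group to a role, the added example below parses a group record like the one above and tests a user DN against each configured attribute. It is not CSA code; the function names are illustrative, the sample record is constructed from the one on this page with one value folded across two lines, and the DN comparison is a simplified one that assumes no escaped commas.

```python
import base64

# Constructed sample: this page's group record, with the last value folded
# (an LDIF continuation line starts with a single space).
SAMPLE_LDIF = """\
dn: cn=ResourceSupplyManagers,ou=providergrp,ou=groups,ou=system
objectclass: groupOfUniqueNames
objectclass: top
cn: ResourceSupplyManagers
uniqueMember: cn=User1,ou=providers,ou=users,ou=system
uniqueMember: cn=Manager1,ou=managers,
 ou=users,ou=system
"""

def parse_ldif_record(text):
    """Parse one LDIF content record into {lowercased attribute: [values]}."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]           # unfold continuation line
        elif line:
            logical.append(line)
    record = {}
    for line in logical:
        if line.startswith("#"):              # LDIF comment
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        record.setdefault(name.strip().lower(), []).append(value)
    return record

def normalize_dn(dn):
    """Simplified comparison key: ignores case and spaces around ',' and '='."""
    parts = []
    for rdn in dn.split(","):                 # assumes no escaped commas
        attr, _, val = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return ",".join(parts)

def is_member(group, user_dn, membership_attrs="member,uniqueMember"):
    """Test user_dn against every attribute named in the Group Membership setting."""
    wanted = normalize_dn(user_dn)
    names = [a.strip().lower() for a in membership_attrs.split(",")]
    return any(normalize_dn(v) == wanted for a in names for v in group.get(a, []))
```

If the Group Membership setting names only member while the directory uses uniqueMember, as in this record, the lookup finds no members and role assignment by group silently has no effect.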