Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Prepare LDAP for CSA
CSA supports limited authentication and has a fixed set of user names (and associated passwords) that can be used to log in. This basic form of authentication can be used for initial setup and experimentation with the product, but in a production environment, authentication should be configured to occur against a directory service.
CSA can be configured to authenticate against a Lightweight Directory Access Protocol (LDAP) server. Users can then log in with a pre-existing user name (such as an enterprise email address) and password combination. LDAP authenticates the login credentials by verifying that the user name and password match an existing user in the LDAP directory.
In CSA, LDAP is used to:
- Authenticate a user's login to the Cloud Service Management Console and Marketplace Portal
- Authenticate a user's access to information
- Authorize a user's access to information
- Retrieve information about a user's manager for approvals
- Retrieve information about a user's group membership for approvals
These functions are configured when you configure LDAP and access control for an organization.
Before you configure LDAP for the Cloud Service Management Console or Marketplace Portal, you should be familiar with your enterprise LDAP server and LDAP configuration tasks.
Note The user object configured in LDAP that is used to log in to
CSA and by which users can be
identified should be configured to contain the following attribute types:
- User Email - Required. This attribute type designates the email address of the user to which to send email notifications. Common LDAP attribute names for email include mail, email, and userPrincipalName. If the value for this attribute in the user object in LDAP is empty or not valid, the user for whom the value is empty or not valid does not receive email notifications.
- Manager Identifier - Required. This attribute type identifies the manager of the user. A common LDAP attribute name for a user's manager is manager. If the value for this attribute in the user object in LDAP is empty or not valid, approval policies that use the User Context Template will fail.
- Manager Identifier Value - Required. This attribute type describes the value of the manager identifier. A common value for the manager identifier in LDAP is the dn (distinguished name) of the manager's user object. If the manager's user object cannot be located based on the values for manager identifier and manager identifier value, approval policies that use the User Context Template will fail.
The group object configured in LDAP must contain the following attribute type:
- Group Membership - Required. This attribute type identifies a user as belonging to the group. Common LDAP attribute names that convey group membership include member and uniqueMember.
The attribute names configured in your LDAP directory for these attribute types are used when configuring an organization's LDAP in the Cloud Service Management Console.
Note
Do not create users in your LDAP directory that match the built-in users provided by
CSA: csaCatalogAggregationTransportUser
,
csaReportingUser
,ooInboundUser
, and codarintegrationUse
.
Creating the same users in LDAP may allow the CSA built-in users unintended access to the
Cloud Service Management Console or give the LDAP users unintended privileges.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: