How to add Active Directory authentication access in OpsCenter 7.6

Article: 100038347
Last Published: 2015-05-21
Product(s): NetBackup & Alta Data Protection

Description

The Veritas NetBackup OpsCenter Administrator's Guide for Release 7.6 describes adding AD/LDAP domain authentication to OpsCenter. It includes the syntax for UNIX LDAP, but it does not give information specific to adding an Active Directory domain to OpsCenter.

To add an Active Directory LDAP domain in OpsCenter, follow the steps below:

  1. Log on to the OpsCenter Server.
  2. On the command prompt, navigate to the following directory:
    Installation_Directory\OpsCenter\server\authbroker\bin
  3. Run the following command to create an AD/LDAP domain on the OpsCenter Server:
    vssat addldapdomain -d LDAPDomainName -s LDAPServerName -u dc=domainName1,dc=domainName2 -g dc=domainName1,dc=domainName2 -t msad -m cn=UserName,cn=users,dc=domainName1,dc=domainName2 -w Password -b BOB
    • Example:
      vssat addldapdomain -d myldapdomain -s ldap://dc-sql1.lab.symc -u dc=lab,dc=symc -g dc=lab,dc=symc -t msad -m cn=administrator,cn=users,dc=lab,dc=symc -w <password> -b BOB
  4. Run the following command to add the OpsCenter Server as authentication broker:
    vssat addbrokerdomain -b OpsCenterServerName:3652 -d ldap:LDAPDomainName
    • Example:
      vssat addbrokerdomain -b OpsCenterServer01:3652 -d ldap:myldapdomain
  5. Then proceed to configure the users and/or groups in the OpsCenter UI under Settings - Users.

Notes:

  • a.)  The UserName used in step 3 needs to be an account that has sufficient rights to query Active Directory.
  • b.)  The UserName used in step 3 needs to be an account whose password will not change.  If the password changes, the authentication broker will no longer be able to communicate with Active Directory.
  • c.)  Syntax to delete a domain entry (Do not delete any domain entries unless you are certain that they are not needed.):
    vssat removeldapdomain -d LDAPDomainName
    • Example:
      vssat removeldapdomain -d myvirtual
  • d.)  Syntax to delete a mapping entry (Do not delete any mapping entries unless you are certain that they are not needed.):
    vssat deletebrokerdomain --broker OpsCenterServerName:3652 --domain ldap:LDAPDomainName
    • Example:
      vssat deletebrokerdomain --broker nbmaster1:3652 --domain ldap:myvirtual
  • e.)  The path specified in the -u switch must contain the Active Directory user accounts to be authenticated. Accounts that are located in other locations within Active Directory will not authenticate. 
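
Note e.) can be checked before running step 3. The following is an added example, not part of the original article or of any Veritas tooling: it reports which account DNs fall outside a candidate -u base. It assumes "contain" means anywhere in the subtree under the base (the article does not state the search scope); the narrower base and the account DNs are constructed for illustration.

```python
def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":                  # unescaped comma ends the RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        # Compared case-insensitively, surrounding whitespace ignored.
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def in_user_base(account_dn: str, user_base_dn: str) -> bool:
    """True if account_dn sits strictly below user_base_dn (assumed subtree scope)."""
    account, base = split_dn(account_dn), split_dn(user_base_dn)
    return len(account) > len(base) and account[-len(base):] == base

def out_of_scope(account_dns: list[str], user_base_dn: str) -> list[str]:
    """Accounts that would not be found under the -u base."""
    return [dn for dn in account_dns if not in_user_base(dn, user_base_dn)]

USER_BASE = "dc=lab,dc=symc"                      # -u value from the article's example
NARROW_BASE = "ou=Backup Admins,dc=lab,dc=symc"   # hypothetical narrower -u value
ACCOUNTS = [                                      # constructed sample DNs
    "CN=administrator,CN=Users,DC=lab,DC=symc",
    "CN=Smith\\, John,OU=Backup Admins,DC=lab,DC=symc",
    "CN=svc-ops,OU=Service,DC=corp,DC=symc",
]

if __name__ == "__main__":
    for base in (USER_BASE, NARROW_BASE):
        print(f"-u {base}: outside base -> {out_of_scope(ACCOUNTS, base)}")
```
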
