Once an LDAP service has been registered, user accounts can be configured to use the service. As described in the following sections, user accounts can be configured through either the Web UI or the Users API.
Using the Web UI to configure a user account for LDAP authentication
To create a new user account, take the following steps.
1. Navigate to the Manage Users view by clicking the manage users icon
.
2. Click + New User.
3. Under the General tab, provide tenant, user name, and user role information.
4. Click the Authentication Setup tab.
Option 1. If you are adding the LDAP service as an additional authentication type for the user account, click + Add Authentication Service.
Option 2. If you want to use only the LDAP service, modify the properties of the current authentication type.
5. Select the LDAP service from the Authentication Type dropdown.
6. In the External Usernames field, specify the user or users you want to associate with the Hybrid Data Pipeline user account. Any user name provided should correspond to a user name persisted by the authentication service.
7. Click Save.
To modify a current user account, take the following steps.
1. Navigate to the Manage Users view by clicking the manage users icon
.
2. From the list of user accounts, click the user account you want to modify.
3. Click the Authentication Setup tab.
Option 1. If you are adding the LDAP service as an additional authentication type for the user account, click + Add Authentication Service.
Option 2. If you want to use only the LDAP service, modify the properties of the current authentication type.
4. Select the LDAP service from the Authentication Type dropdown.
5. In the External Usernames field, specify the user or users you want to associate with the Hybrid Data Pipeline user account. Any user name provided should correspond to a user name persisted by the authentication service.
6. Click Update to save your changes to the user account.
Using the Users API to configure a user account for LDAP authentication
To create a new user account, take the following steps.
The following POST operation creates a user account that authenticates through an LDAP service. Here the end user (LDAP_user_1) authenticates via an LDAP service ("authServiceId": 21). This end user inherits all the attributes associated with the testuser2 account. For further details, see Create a user account.
To modify a current user account, take the following steps.
The following PUT operation updates user account 202 to use the LDAP service ("authServiceId": 21) for managing authentication. Two end users (user_1 and user_2) have been associated with the account. Their credentials are managed through the authentication service that has ID 21. Each user inherits all the attributes associated with user account 202. For further details, see Update authentication information on a user account.
Request
PUT https://MyServer:8443/api/admin/users/101/authinfo
.
Option 1. If you are adding the LDAP service as an additional authentication type for the user account, click + Add Authentication Service.
.