Using LDAP with the Delphix Engine requires the following:
- configure the Delphix Engine to use LDAP
- add LDAP users in the Delphix Admin GUI
Configuring LDAP on the Delphix Engine
1. From Server Setup, configure the LDAP server with the Delphix Engine.
2. Enter the information about the LDAP Authentication Server.
Test Connect will issue an anonymous login request to the LDAP server. If the LDAP server has disabled anonymous access, the test will fail. Test the server by adding a valid LDAP user and trying to log in.
3. After updating the information and clicking the OK button, the Authentication Service section should reflect the proper information.
Create a new LDAP User account
1. Log in to the Delphix Admin interface and go to Manage > Users to add a new user.
2. In the User Management screen, click the Add User button and choose LDAP as the Authentication Type.
3. Fill out the data fields and decide if the user will be a Delphix Admin. For more info on the Delphix Admin setting please see this link. When adding the principal, it is mandatory to specify the entire DN of the user to be added.
Example of LDAP Tree in which the base is:
and people are stored in a People subtree with RDN:
and each individual is keyed by the cn (common name) attribute.
An example DN in this case would be: cn=Tony,ou=people,dc=example,dc=com
When adding an LDAP user you will be asked for the following information:
- Principal - which is the DN from above
- email address
- user name - used to log in to Delphix
A password is no longer required because the user authenticates against the password already stored in the LDAP entry, which is presumably already known to the individual. It is probably best to involve someone familiar with the LDAP tree and with using it for authentication, at least initially, to help describe the fully qualified DN for users.
Using Microsoft AD as an LDAP server
Using Microsoft AD as a modified LDAP server is also possible. Microsoft AD allows some shortcuts in the specification of the DN when binding:
- <domain>\<user logon name>
- <user logon name>@<domain>.com
As with generic LDAP, it is probably best if someone familiar with using the AD LDAP instance for authentication were involved.
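A pre-check for the principal string, covering both the full-DN requirement and the two AD shortcut forms described above. This is an added example, not Delphix code: the function names and the base DN (taken from the example DN on this page) are assumptions, and it handles only backslash-escaped commas, not multi-valued or quoted RDNs.

```python
import re

# Assumption: base DN taken from the example DN on the page.
BASE_DN = "dc=example,dc=com"

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes, RFC 4514)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," in a cn
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def normalize(rdn):
    """Lower-case an RDN and drop spaces around '=' for comparison only."""
    return re.sub(r"\s*=\s*", "=", rdn).lower()

def classify_principal(principal, base_dn=BASE_DN):
    """Return 'dn', 'dn-not-under-base', 'ad-downlevel', 'ad-upn' or 'invalid'."""
    p = principal.strip()
    rdns = split_dn(p)
    # Full DN: every component is attr=value with a non-empty value.
    if all(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*", r, re.S) for r in rdns):
        base = [normalize(r) for r in split_dn(base_dn)]
        tail = [normalize(r) for r in rdns[-len(base):]]
        under = len(rdns) > len(base) and tail == base
        return "dn" if under else "dn-not-under-base"
    if re.fullmatch(r"[^\\/@=,\s]+\\[^\\/@=,\s]+", p):
        return "ad-downlevel"  # <domain>\<user logon name>
    if re.fullmatch(r"[^\\/@=,\s]+@[^\\/@=,\s]+\.[^\\/@=,\s]+", p):
        return "ad-upn"        # <user logon name>@<domain>.com
    return "invalid"

if __name__ == "__main__":
    # Constructed sample principals.
    for s in ["cn=Tony,ou=people,dc=example,dc=com", "cn=Tony",
              "EXAMPLE\\tony", "tony@example.com", "tony"]:
        print(f"{s!r:45} -> {classify_principal(s)}")
```

A result of dn-not-under-base flags the common mistake of entering only the RDN (for example cn=Tony) instead of the entire DN.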