Product: Stratusphere FIT/UX
Product Version: 6.7.X
Expires on: 365 days from publish date
Updated: October 10, 2024
Domain Setup
LDAP Connection
Within DNS Administrator, consider creating a series of A records, all named LDAP, each pointing to a different domain controller you would like Stratusphere to communicate with. Typically, these domain controllers are local to the site where Stratusphere is installed. This LDAP DNS entry will round-robin between all the entries, so a domain controller can be offline without breaking Stratusphere’s ability to connect to the domain for authentication.
LDAP Connection Account
Consider creating a dedicated Active Directory service account for Stratusphere. Stratusphere uses this account to connect to Active Directory to authenticate users at login and to import the users in the Stratusphere groups into the Stratusphere environment on a scheduled basis.
Stratusphere Groups
Within Active Directory Users and Computers, consider adding two groups for Stratusphere users. The first group, Stratusphere_Admins, should be created for any Active Directory account that will be allowed to log in to Stratusphere with administrative access. The second group, Stratusphere_Users, should be created for members that will be allowed to log in to Stratusphere and view the data.
While creating the groups, it is advised to record the distinguished names (DNs) of both groups for later use. In the case of the demo environment, the groups have the following DNs:
DN of Group: CN=Stratusphere_Admins,OU=DomainGroups,DC=liquidware,DC=lab
DN of Group: CN=Stratusphere_Users,OU=DomainGroups,DC=liquidware,DC=lab
It’s also advisable to get the DN of the users that will have access to Stratusphere. In the case of the demo environment all users are in the same OU.
DN of User: CN=Kenny McCormick,OU=DomainUsers,DC=liquidware,DC=lab
Using the DNs of the user and the groups, the following information is determined:
| Setting | Value |
| --- | --- |
| Base DN | DC=liquidware,DC=lab |
| User Search Base | OU=DomainUsers |
| Group Search Base | OU=DomainGroups |
Create Stratusphere Directory
Directory Properties
While in the Administration module of Stratusphere, click on the Hub Administration tab and the Directories sub-tab to create a new authentication directory.
- Click the New Directory button
- Enter an easily recognized directory name for the Name field.
- Ensure the “User for Logins” box is checked
- Select “AD” for Directory Type
- For the Fully Qualified Domain Name, enter the fully qualified domain name of the domain, of a domain controller, or of the subset of domain controllers described above in the LDAP Connection area.
- For the Port selection, make the appropriate selection for your environment. Most will select Use Default Port.
- For Security, you can configure Stratusphere to connect via the secured port (636) if desired; by default it uses the unsecured port (389). The environment will need to be properly configured for the secured connection.
- The Administrator Name and associated password belong to an account that has access to AD to perform authentication against the LDAP environment.
- The Base DN is the base DN for the domain.
If you click “Create New Directory” now, the directory should be created, but without any filters on groups or users to pull in. Continue to the Advanced User and User Group Properties to configure the appropriate filters on user imports.
Advanced User and User Group Properties
The best way to import Stratusphere users is to import only the users and groups needed, not all users and groups in the Active Directory.
- Select the Yes radio button for Import User & Groups
- In the User Search Filter, replace the default values with the following:
  (&(objectClass=person)(!(objectClass=computer))(!(objectClass=contact))(|(memberof=CN=Stratusphere_Admins)(memberof=CN=Stratusphere_Users)))
- Using Active Directory Users and Computers, find the Distinguished Name of the Stratusphere_Admins and Stratusphere_Users groups created earlier. Replace the information for each group with the full DN of each group. For example, in this demo environment the filter will be:
  (&(objectClass=person)(!(objectClass=computer))(!(objectClass=contact))(|(memberof=CN=Stratusphere_Admins,OU=DomainGroups,DC=liquidware,DC=lab)(memberof=CN=Stratusphere_Users,OU=DomainGroups,DC=liquidware,DC=lab)))
- Optionally, the LDAP query can be sped up by limiting the user search to a certain OU, which also includes all OUs beneath it. The User Search Base is prepended to the Base DN previously configured. In the demo environment, the User Search Base is OU=DomainUsers.
- Assign the users that are members of the Stratusphere_Admins group to the Stratusphere Administrator role by adding the group name to the Assign Administrator role Groups. Enter the group names separated by commas.
- The Group Search filter can be limited to only import Stratusphere Groups simply by listing the CN of the group in the filter. For example, (&(objectClass=group)(|(cn=Stratusphere_Admins)(cn=Stratusphere_Users)))
- Optionally, the LDAP query can be sped up by limiting where groups are found: add a Group Search Base for the location of the Active Directory groups for Stratusphere. For example, in the demo environment the setting is OU=DomainGroups, and this is prepended to the Base DN previously configured.
- Click Create New Directory or if you are making a change to an existing directory, click Save Changes to update the directory information.
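The effect of the User Search Filter and User Search Base can be checked offline before an import. This Python sketch is an added example, not Liquidware code: it rebuilds the filter from the steps above and evaluates it against a constructed sample directory. Only Kenny McCormick's DN comes from the page; the other entries and all group memberships are made up, and DN matching is simplified to case-insensitive string comparison.

```python
BASE_DN = "DC=liquidware,DC=lab"  # demo values from the page
GROUPS = "OU=DomainGroups," + BASE_DN
ADMINS, USERS = (f"CN=Stratusphere_{g},{GROUPS}" for g in ("Admins", "Users"))

def user_filter(group_dns):
    """Build the page's User Search Filter for the given group DNs."""
    members = "".join(f"(memberof={dn})" for dn in group_dns)
    return ("(&(objectClass=person)(!(objectClass=computer))"
            f"(!(objectClass=contact))(|{members}))")

def parse(f, i=0):
    """Parse the filter subset used here (&, |, !, attr=value) into a tree."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip this node's closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attribute lists."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in attrs.get(node[1], []))
    hits = [matches(kid, attrs) for kid in node[1]]
    return not hits[0] if node[0] == "!" else (all if node[0] == "&" else any)(hits)

def preview(filt, search_base, entries):
    """DNs under '<search_base>,<BASE_DN>' that the filter would select."""
    scope = ("," + ",".join(p for p in (search_base, BASE_DN) if p)).lower()
    tree, _ = parse(filt)
    return [e["dn"] for e in entries
            if e["dn"].lower().endswith(scope) and matches(tree, e)]

def entry(cn, ou, classes="top person organizationalPerson user", groups=()):
    return {"dn": f"CN={cn},OU={ou},{BASE_DN}",
            "objectclass": classes.split(), "memberof": list(groups)}

ENTRIES = [  # constructed sample data; only Kenny's DN appears on the page
    entry("Kenny McCormick", "DomainUsers", groups=[USERS]),
    entry("Sample Admin", "DomainUsers", groups=[ADMINS]),
    entry("No Access", "DomainUsers"),
    entry("WS01", "DomainUsers", "top person organizationalPerson user computer", [USERS]),
    entry("Contractor", "External", groups=[USERS]),  # outside the search base
]
```

Calling `preview(user_filter([ADMINS, USERS]), "OU=DomainUsers", ENTRIES)` selects only the Kenny McCormick and Sample Admin entries. With the unedited placeholder filter (group CNs only) the result is empty, because memberOf values are full group DNs.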
Import Users and Groups
Import from Directory
Once created, import users and groups from the directory. There currently isn’t a way to test the import other than performing the import. If too many users or groups are imported, adjustments to the LDAP information will remove imported users. Click the Import from Directory tab. Click the Import button.
If the import is successful, there will be a summary message with the number of users and groups imported. If the import fails, an error message will be displayed. The event log of Stratusphere may also have some additional data regarding the failure.
Schedule the Import
For Stratusphere users and administrators to be kept up to date, it is important to schedule the import. The users, groups and, if selected, roles will be updated by the import process.
- Click the Schedule Import tab
- Click Yes next to Scheduled
- Select a frequency for the import. Daily imports are suggested at an off time. Imports will only update the users and groups defined in the import filters.
- Click the Set Schedule button to configure the import schedule.