Configuring LDAP Integration with Active Directory for Aria Automation Config
In this article, we will explore how to configure LDAP integration with Active Directory for Aria Automation Config. This will enable centralized control of access and roles within the Aria Automation Config interface. We will cover the initial requirements, configuring the LDAP option in the Aria Automation Config appliance, allocating users and groups for access, and enabling resource access.
Initial Requirements
——————–
Before we begin configuring the integration in the Aria Automation Config product, there are some initial requirements that must be met:
1. The Aria Automation Config appliance should be up and running with the necessary prerequisites installed.
2. An Active Directory server should be set up and running with the appropriate users and groups created.
3. The Aria Automation Config instance should be deployed in a lab environment for testing purposes.
Configuring LDAP Integration
—————————–
To configure LDAP integration with Active Directory, follow these steps:
1. Log in to the Aria Automation Config appliance using the admin account and password specified during deployment.
2. From the menu, expand the Administration section and select the Authentication option.
3. From the Configuration type dropdown, select the LDAP option.
4. Select the PREFILL DEFAULTS dropdown and select AD, Windows Server 2008 and later (note: ensure your AD server is version 2008 or newer).
5. The form will now display with some information included and some fields empty. The required fields are noted by a red underline.
6. Edit the fields as follows:
* Server: Enter the hostname or IP address of your Active Directory server.
* Base DN: Enter the base distinguished name of your Active Directory domain.
* User Search Filter: Enter the filter to search for users in your Active Directory domain (e.g., “(&(objectClass=user)(CN=john,OU=Engineering,DC=example,DC=com))”).
* Group Search Filter: Enter the filter to search for groups in your Active Directory domain (e.g., “(|(objectClass=group)(CN=marketing,OU=Department,DC=example,DC=com))”).
7. Once you have configured the above fields with your settings, click the UPDATE PREVIEW button.
8. The pane below will eventually load Groups and Users into view. Depending on the size of your directory, this may take some time.
9. Once you are happy with everything, click the SAVE button to save the settings and confirm the LDAP connection.
Allocating Users and Groups for Access
—————————————-
Now that we have established and saved the LDAP connection, we can proceed with allocating users and groups for access into the Aria Automation Config interface. Follow these steps:
1. From the menu on the left, under Administration, select the Groups option.
2. Find your Active Directory group you created in the requirements section from the list and tick the checkbox.
3. Click the SAVE button.
4. From the menu on the left, under Administration, select the Roles option.
5. Ensure in the left pane, the Salt Master role is selected.
6. Click on the Groups option.
7. Select the checkbox against your Active Directory group and then click SAVE.
8. Select the Resource access tab.
9. Enable both Show all * options as shown below and assign full permissions to each entry. Then click the Save button.
Signing Out and Logging In with LDAP Authentication
——————————————————-
After configuring the LDAP integration, you may notice that the login page is slightly different now. In the select authentication background dropdown, select your LDAP connection as shown below:
Enter the user account and password for the Active Directory user that is within your Active Directory group, and then login.
Congratulations! You have now established Active Directory connectivity and authentication for your Aria Automation Config instance. This integration will enable centralized control of access and roles within the Aria Automation Config interface, streamlining management and ensuring consistency across your IT infrastructure.