User guide

</domains>
<name>multi-domain forest</name>
<server_urls>
<server_url>ldaps://MyLDAPServer.yourco.com:3269</server_url>
</server_urls>
<server_cert>my_server_certificate</server_cert>
<manager_dn>CN=manager_bind,OU=Test1,OU=Test,DC=yourco,DC=com</manager_dn>
<manager_password>Password</manager_password>
<group_attribute>CN</group_attribute>
<search_base>DC=yourco,DC=com</search_base>
<search_filter>userPrincipalName=%u</search_filter>
<search_attribute_key>userPrincipalName</search_attribute_key>
<group_whitelist_values></group_whitelist_values>
<search_scope>SUBTREE</search_scope>
</authnprovider_create>
3. Get the urn ID of the root provider tenant.
You must have the Tenant Administrator role to perform this operation.
Request
GET /tenant
Response
<tenant_info>
<id>urn:storageos:TenantOrg:e5013f5e-41d7-4cf9-b1fd-4fecfad0c18c:</id>
<name>Provider Tenant</name>
<link href="/tenants/urn:storageos:TenantOrg:e5013f5e-41d7-4cf9-b1fd-4fecfad0c18c:" rel="self"/>
</tenant_info>
The urn of the root provider tenant in this example is:
urn:storageos:TenantOrg:e5013f5e-41d7-4cf9-b1fd-4fecfad0c18c:
Use this urn as the parent when creating a new tenant in the following step.
4. Create a new tenant and map users to it through a domain that is included in the
authentication provider.
Note
The set of LDAP users assigned to a subtenant is always a subset of the users mapped
to the Provider Tenant.
In this example, the users in the domain domain2.yourco.com are mapped into
the tenant called EMC tenant. You must have the Tenant Administrator role for the
parent tenant to perform this operation. The {id} variable is the URN of the provider
tenant.
Request
POST /tenants/{id}/subtenants
<tenant_create>
<name>EMC_tenant</name>
<user_mappings>
<user_mapping>
<domain>domain2.yourco.com</domain>
</user_mapping>
</user_mappings>
</tenant_create>
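Steps 3 and 4 can be scripted as follows. This is an added example, not code from the product documentation: it parses the GET /tenant response shown above, checks the URN before placing it in the request path, and builds the tenant_create body. The function names and the URN pattern (inferred from the single example on this page) are assumptions, and no network call is made.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Response body of GET /tenant, copied from the example above.
TENANT_INFO = """<tenant_info>
<id>urn:storageos:TenantOrg:e5013f5e-41d7-4cf9-b1fd-4fecfad0c18c:</id>
<name>Provider Tenant</name>
<link href="/tenants/urn:storageos:TenantOrg:e5013f5e-41d7-4cf9-b1fd-4fecfad0c18c:" rel="self"/>
</tenant_info>"""

# Assumed URN shape, inferred only from the single example on this page.
TENANT_URN = re.compile(
    r"urn:storageos:TenantOrg:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}:")


def provider_tenant_urn(tenant_info_xml):
    """Extract the tenant URN from a GET /tenant response and validate it."""
    urn = (ET.fromstring(tenant_info_xml).findtext("id") or "").strip()
    if not TENANT_URN.fullmatch(urn):
        raise ValueError(f"unexpected tenant id: {urn!r}")
    return urn


def subtenant_request(parent_urn, name, domains):
    """Return (path, body) for POST /tenants/{id}/subtenants."""
    # Reject anything that is not a tenant URN before it reaches the path,
    # so a malformed value cannot redirect the request to another resource.
    if not TENANT_URN.fullmatch(parent_urn):
        raise ValueError("parent is not a tenant URN")
    root = ET.Element("tenant_create")
    ET.SubElement(root, "name").text = name
    mappings = ET.SubElement(root, "user_mappings")
    for domain in domains:
        mapping = ET.SubElement(mappings, "user_mapping")
        ET.SubElement(mapping, "domain").text = domain
    # ElementTree escapes <, > and & in text, so values cannot add elements.
    path = f"/tenants/{quote(parent_urn, safe=':')}/subtenants"
    return path, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    parent = provider_tenant_urn(TENANT_INFO)
    path, body = subtenant_request(parent, "EMC_tenant", ["domain2.yourco.com"])
    print("POST", path)
    print(body)
```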
Setting Up Multiple Tenants
Configuring multiple tenants with the REST API