User guide

ManualsBrandsVMware ManualsComputer equipmentSOFTWARE REPOSITORY FOR WINDOWS 1.1

Create an authentication provider at the Admin > Security > Authentication

Providers menu of the ViPR UI.

Create an authentication provider using the CLI, as follows:

a. Create a provider.cfg file in local folder. The content of provider.cfg

should resemble the example below.

[Camb AD]

mode:ad

url:ldap://192.0.2.20

certificate:test_cert

passwd_user:Password

managerdn:CN=Administrator,CN=Users,DC=mytown,DC=emc,DC=com

searchbase:CN=Users,DC=mytown,DC=emc,DC=com

searchfilter:sAMAccountName=%U

searchkey:sAMAccountName

groupattr:CN

name:ad configuration

domains:mytown.emc.com

whitelist:*Admins*,*Test*

b. Add AD/LDAP authentication provider. You must be authenticated as a user

with the Security Administrator role to do this operation.

viprcli authentication add-provider -configfile

provider.cfg

3. Create a new tenant that uses the domain covered by the authentication provider. You

need to be a Tenant Administrator for the parent tenant to create a tenant. For

example:

viprcli tenant create -name marketing -domain mytown.emc.com

4. You can control the users mapped into a tenant by specifying attributes or specifying

AD group. For example, if you only want users assigned to a specific department in AD

to be mapped into the tenant, you can set key/value attributes. For example:

viprcli tenant add-attribute -name marketing -key department

-value marketingdepartment

This provides the ability, if required, to map uses from the same domain into different

tenants by the appropriate attribute to their AD user.

To map user from an Active Directory group into the tenant, you can use the tenant

add-group. For example:

viprcli tenant add-group -name marketing -group "lab users"

-domain mytown.emc.com

5. If you want to assign access to a virtual array to the newly-created tenant, you can use

the following steps.

By default, the access control list (ACL) for a virtual array is wide open and all tenants

have access. Once you assign a tenant to the ACL for a virtual array, only that tenant

will have access unless you assign other tenants to the ACL.

a. Get a list of virtual arrays.

viprcli varray list

b. Assign an array to the ACL for the tenant. For example:

viprcli allow -name <varray name> -tn marketing

viprcli varray list

NAME

Isilon_Virtual_Array

v_array

Setting Up Multiple Tenants

80 EMC ViPR 1.1.0 Installation and Configuration Guide