

How to Set Up AppLogic LDAP or Active Directory Config for Global Users

Setting up an AppLogic global user can be tricky. The steps below must be performed in the sequence shown to establish a global user.

  1. Configure the grid authentication tab in the BFC. You must have accurate data from the LDAP or AD server. I configured for LDAP since I found that this is what worked here in the CA network.
  2. Next, sign on to the controller UI with your global CA signon. You must prepend a "/" to the user ID to identify it as a global user. You should receive a rejection message indicating that you do not have permission to access the grid. This is good: it means you have been authenticated, but the user ID still needs to be given access to AppLogic. Any other message is bad.
  3. From within the AppLogic CLI, issue 'user info' to see the global user ID. A "/" must be prepended to identify a global user.
    dltest1-3519> user info /lopda01
    Comment :
    E-mail Address :
    User ID : gu:lopda01
    Locale :
    Login Name : lopda01
    Primary Group : 778fee4e-9b83-4160-8b79-8bb0e1a87af8 # local group all
    Real Name :
    Scope : global 
    — Group Membership Information —
    ID Scope Type Name
    --------------------------------------------------------
    778fee4e-9b83-4160-8b79-8bb0e1a87af8 local group all 
    
  4. Give the userid a key.
    dltest1-3519> user set /lopda01 sshkey="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAshB4wYnPyFriTN4D+YqpgMK0ds2yf788R9Ja5WnSlvqbVHBGYfSOqvtVZWVYssZIDLIC5sAB/docIH6Tu6KujDXHtXo+TjpIGQYeBGHdgzZlJoNmqRZVyFRU07l9ryktV2jiDue+yV1lL0sx6UFH0uG1s5xypzxVo6zKwZjaRns= rsa-key-20120926" 
    

    Adding new key for user id gu:lopda01

  5. Give the userid access.
    dltest1-3519> grid modify_acl /lopda01=grid_operator 
    
  6. Verify access.
    dltest1-3519> grid get_acl
    — Owner Information —
    ID Scope Type Name
    -------------------------------------------------------------------------------
    a5cb10bc-7291-4a86-84f8-74419fc9ae63 local group admin 
    — Entry Information —
    ID Scope Type Name Access
    --------------------------------------------------------------------------------
    a5cb10bc-7291-4a86-84f8-74419fc9ae63 local group admin grid_administrator
    453033e4-5ac1-4c64-874f-9e12f109b261 local user lopda01 grid_administrator
    9ed7f87e-cf7a-47a5-bb00-00eb00475388 local user jnelson grid_administrator
    2473b909-da3d-4e18-b985-8edfaa2873f1 local user admin grid_administrator
    58cc325a-e62a-47b8-9f8e-a05c882ba721 local user jsmart grid_administrator
    gu:lopda01 global user lopda01 grid_operator
    92a9f123-665c-4d14-a491-57f2d3e72a55 local user dlopez grid_administrator 
    
  7. You can now sign on with the global user ID and CA network password.
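
The check in step 6 can be scripted. The following Python is an added example, not part of the original page or of AppLogic itself: it parses pasted `grid get_acl` output, confirms that the global user received the intended access level, and reports logins that are listed as both a local and a global user. It assumes the columns are whitespace-separated and that names contain no spaces; the function names are hypothetical.

```python
import re

# Abridged from the step 6 output above; section banners written with "---".
SAMPLE = """\
--- Owner Information ---
ID Scope Type Name
-------------------------------------------------------------------------------
a5cb10bc-7291-4a86-84f8-74419fc9ae63 local group admin
--- Entry Information ---
ID Scope Type Name Access
--------------------------------------------------------------------------------
a5cb10bc-7291-4a86-84f8-74419fc9ae63 local group admin grid_administrator
453033e4-5ac1-4c64-874f-9e12f109b261 local user lopda01 grid_administrator
gu:lopda01 global user lopda01 grid_operator
92a9f123-665c-4d14-a491-57f2d3e72a55 local user dlopez grid_administrator
"""
FIELDS = ("id", "scope", "type", "name", "access")

def parse_acl_entries(text):
    """Return the rows of the Entry Information table as dicts."""
    entries, in_entries = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if "Information" in line:          # section banner, any decoration
            in_entries = "Entry Information" in line
            continue
        if not in_entries or not line or re.fullmatch(r"-+", line):
            continue
        cols = line.split()
        # Assumption: five whitespace-separated columns, no spaces in names.
        if len(cols) == 5 and cols[0] != "ID":
            entries.append(dict(zip(FIELDS, cols)))
    return entries

def check_global_user(entries, login, expected_access):
    """True if the global user `login` is listed with `expected_access`."""
    return any(e["scope"] == "global" and e["type"] == "user"
               and e["name"] == login and e["access"] == expected_access
               for e in entries)

def logins_in_both_scopes(entries):
    """Map login -> {scope: access} for logins listed as local AND global."""
    by_name = {}
    for e in entries:
        if e["type"] == "user":
            by_name.setdefault(e["name"], {})[e["scope"]] = e["access"]
    return {n: s for n, s in by_name.items() if len(s) > 1}

if __name__ == "__main__":
    acl = parse_acl_entries(SAMPLE)
    print("global grant ok:", check_global_user(acl, "lopda01", "grid_operator"))
    print("listed in both scopes:", logins_in_both_scopes(acl))
```

In the step 6 output, lopda01 is listed twice: the local user holds grid_administrator while the global user gu:lopda01 holds grid_operator, so the grant made in step 5 applies only to the global entry.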