Previous Topic: Configure a DSA Console Using DXmanager

Next Topic: Secure the DSA Console with TLSclient

Specify Which Users Can Connect to a DSA Console

You can specify which users can connect to a DSA console.

To specify which users can connect to a DSA Console

  1. Ensure that the DSA has a local or remote console port set up and working correctly.
  2. Stop the DSA.
  3. (Optional) Create one or more roles, containing users you want to give access to.
  4. Add the following command to the DSA's settings configuration file:
    set dxconsole-users = [users], [roles];
    
  5. Save the changed configuration file.
  6. Start the DSA.

Example: Set Up the Democorp DSA to Allow Directory Users to Connect through a console

This example shows how to allow users in the Democorp directory to connect to the DSA.

  1. Add the following commands to the Democorp DSA's settings file:
    set dxconsole-users = <c AU><o Democorp><ou Corporate> <ou Administration><cn "Craig Link">,<c AU><o Democorp><ou Roles>;
    set role-subtree = <c AU><o Democorp><cn Roles>;
    set use-roles=true;
    
  2. Use JXweb to add passwords to the following entries in the Democorp DSA:
  3. Use JXweb to create a new role with one member as follows:
    1. Create the following entry with an object class of groupOfNames:
      • cn=Roles,o=Democorp,c=AU
    2. Add the following DN to the member field:
      • cn=Nadia Kite,ou=Administration,ou=Corporate,o=Democorp,c=AU
  4. Reinitialize the Democorp DSA by running the following command as user dsa:
    dxserver init democorp
    

    You are now ready to test the DSA console login:

  5. Try to use the DSA console to connect to the Democorp DSA using the following credentials:

    The login should work.

  6. Try to use the DSA console to connect to the Democorp DSA using the following credentials:

    The login should work.

  7. Try to use the DSA console to connect to the Democorp DSA using the following credentials:

    The login should not work.

More information:

How the DSA Console Can Authenticate Using Directory Entries

set dxconsole-users Command—Specify Which Users Can Connect to the DSA Console

Groups and Roles


Copyright © 2009 CA. All rights reserved. Email CA about this topic