It is not very good to always log in as Admin and in fact many of the customers I have worked with over the years have not allowed that sort of work. Everyone needs a named account. So here we go.
First we need to enable this capability.
Use the green error seen in the image above to start things off.
Fill in the form as you might expect. See below for mine.
My service account above is in the domain admin group but I am looking around for what it should actually be. Update: I tested this with a user in the Domain Users group and it worked. I have used it for several days with no issues. This was done with 6.0.1 and also in 6.0.2.
Make sure to Test.
Once you save this config, you should see something like below.
Look closely at the image above. It suggests, at least to me, that there might be some auto synchronization, meaning you can set it up so any new AD user can log in and get some predefined access, but that is not true from what I can tell.
Now we have our AD source defined, so we can add some users.
Adding Admin Users
Next we will add some admin users. Still in the Home Administration area you should select Access Control.
Now working on the User Accounts tab, as seen above, you should NOT use the green plus. That would allow you to create a local account. You need to use the little icon with two people and a green arrow.
That will start a wizard.
You should change the Import From to read your domain – that you just connected to. You can then search for someone.
Let's select the user and hit Next.
vR Ops 6.0.x
(If you are using 6.1, see the section below.) Now, since we are creating an admin user, we are going to select to add this user to the Administrators group.
Now we change to the Roles page.
Again we select Administrators since we are doing an admin user.
As this is an admin user we are creating, I do select the option for all objects access.
vR Ops 6.1
This has been simplified from above in 6.1. After you have selected your user and hit Next, you see the following.
There are no groups made yet; you will need to do that once you start adding users that are not admin equivalent, like help desk for example. So in our case, as we are adding an admin user, change to the Objects tab.
As you can see here I have selected the check-box to assign Administrator role to my user. Plus, I then selected Allow access to all objects in the system.
Once you hit Finish, you should now see your user in the list.
You can see the exact status of the account in the image above, as well as the access. So quite handy.
We should log out and try logging in as the newly defined user.
There is a little more to this screen than it looks. Make sure to change the source to your domain. Also, the format of my credentials above needs to be as shown, not as mwhite nor pml\mwhite. I would suggest an improvement here that mwhite, pml\mwhite, and firstname.lastname@example.org all should work. Update: as of 6.2 you could log in as username or mwhite with no problem.
Update: I was not able to log in at this point in one test. But when I closed the browser and opened it again, I was able to log in. This was with 6.0.1 and it just happened again with 6.0.2. This was not required for 6.1.
But the first time you log in as a new user, at least an admin-level one, you will see the following.
So you can now add your AD domain, and users to the vR Ops UI. You might ask why I am not showing you how to define groups here. I have had troubles with groups and for me they are not working properly – even got a cool Java error. So I will work with them more and figure them out and add an article for that.
BTW, you can find out how to do read only right here.
- 3/19/16 – updated for 6.2.
- 11/15/15 – LDAP is now called Authentication Sources. Plus some screenshots are different for 6.1 so updated to cover the changes.
- 7/7/15 – added how no change in 6.0.2 for close browser.
- 5/13/15 – added the two update comments on domain user and close browser above.