To map external user groups to predefined WS-NOC roles
Purpose
In an NSP deployment that includes the WS-NOC, an NSP cluster, rather than a WS-NOC server, hosts the nspOS instance. For an NSP user to gain WS-NOC access through an external authentication source, the NSP user group property must be mapped to a predefined WS-NOC role.
Perform this procedure to create the NSP user mappings for WS-NOC remote access.
Note: The mapping is not required for read-only access.
Note: You must perform the steps on the NOC and DRC MnCMain VMs in an HA WS-NOC deployment.
Note: A leading # symbol in a command represents the root user prompt, and is not to be included in the command.
Steps
1. Log in to the VM as a maintenance user.

2. Enter the following:

   # sudo chown otn:gadmin ext-auth-map.properties ↵

3. Enter the following to open the user profile mapping file for editing:

   # sudo vi $MNC_HOME/config/bench/ext-auth-map.properties ↵

4. Edit the file to create the required mappings between the external group and the predefined WS-NOC user roles. The following is an example of the file content; see “I.4 LDAP group – Profile Mapping” in the WaveSuite Installation/Migration Guide for more information:

   Note: The profile.map.num value must equal the highest group profile number defined in the file.

   profile.map.num=8
   extauth.map.1.extrole=Administrator
   extauth.map.1.profile=Administrator
   extauth.map.2.extrole=Constructor
   extauth.map.2.profile=Constructor
   extauth.map.3.extrole=Operator
   extauth.map.3.profile=Operator
   extauth.map.4.extrole=Viewer
   extauth.map.4.profile=Viewer
   extauth.map.5.extrole=ldapadmin
   extauth.map.5.profile=Administrator
   extauth.map.6.extrole=ldapconstruct
   extauth.map.6.profile=Constructor
   extauth.map.7.extrole=ldapoper
   extauth.map.7.profile=Operator
   extauth.map.8.extrole=ldapviewer
   extauth.map.8.profile=Viewer

   where each extrole value is an external user group property returned by the authentication source

5. Save and close the file.

6. Log out of the VM.

7. Configure the required external LDAP, RADIUS, or TACACS+ authentication sources in each NSP cluster.

End of steps
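The following check is an added example, not part of the product documentation or tooling. It validates the content of ext-auth-map.properties against the rules in step 4 and lists every external group that maps to Administrator. It assumes plain key=value lines and that the four profile names in the sample file are the complete set of predefined roles; check_mapping and SAMPLE are hypothetical names.

```python
import re
# Predefined WS-NOC roles as they appear in the sample file on this page (assumed complete).
PREDEFINED_PROFILES = {"Administrator", "Constructor", "Operator", "Viewer"}
ENTRY = re.compile(r"^extauth\.map\.(\d+)\.(extrole|profile)$")

def check_mapping(text):
    """Return (problems, admin_groups) for ext-auth-map.properties content."""
    declared, entries, problems = None, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank or comment line
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        match = ENTRY.match(key)
        if key == "profile.map.num" and value.isdigit():
            declared = int(value)
        elif match and sep and value:
            fields = entries.setdefault(int(match.group(1)), {})
            if match.group(2) in fields:
                problems.append(f"line {lineno}: duplicate {key}")
            fields[match.group(2)] = value
        else:
            problems.append(f"line {lineno}: unrecognized or empty entry: {line}")
    # Step 4 note: profile.map.num must equal the highest mapping number.
    highest = max(entries, default=0)
    if declared != highest:
        problems.append(f"profile.map.num={declared} but highest mapping is {highest}")
    for num, fields in sorted(entries.items()):
        missing = {"extrole", "profile"} - fields.keys()
        if missing:
            problems.append(f"mapping {num}: missing {', '.join(sorted(missing))}")
        elif fields["profile"] not in PREDEFINED_PROFILES:
            problems.append(f"mapping {num}: unknown profile {fields['profile']}")
    # External groups granted the most privileged role, for least-privilege review.
    admins = sorted(f["extrole"] for f in entries.values()
                    if f.get("profile") == "Administrator" and "extrole" in f)
    return problems, admins

# Constructed sample: a mapping was added but profile.map.num was not raised.
SAMPLE = """profile.map.num=1
extauth.map.1.extrole=ldapviewer
extauth.map.1.profile=Viewer
extauth.map.2.extrole=ldapadmin
extauth.map.2.profile=Administrator
"""

if __name__ == "__main__":
    problems, admins = check_mapping(SAMPLE)
    print("\n".join(problems) or "OK")
    print("groups mapped to Administrator:", admins)
```

Run it against a copy of the edited file on both the NOC and DRC VMs in an HA deployment, and compare the Administrator list with the groups that are meant to hold that role.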