To map external user groups to predefined WS-NOC roles

Purpose

In an NSP deployment that includes the WS-NOC, an NSP cluster, rather than a WS-NOC server, hosts the nspOS instance. In order for an NSP user to gain WS-NOC access through an external authentication source, the NSP user group property must be mapped to a predefined WS-NOC role.

Perform this procedure to create the NSP user mappings for WS-NOC remote access.

Note: The mapping is not required for read-only access.

Note: You must perform the steps on the NOC and DRC MnCMain VMs in an HA WS-NOC deployment.

Note: A leading # symbol in a command represents the root user prompt, and is not to be included in the command.

Steps
 

Log in to the VM as a maintenance user.


Enter the following:

sudo chown otn:gadmin ext-auth-map.properties ↵


Enter the following to open the user profile mapping file for editing:

sudo vi $MNC_HOME/config/bench/ext-auth-map.properties ↵


Edit the file to create the required mappings between the external group and the predefined WS-NOC user roles. The following is an example of the file content; see “I.4 LDAP group – Profile Mapping” in the WaveSuite Installation/Migration Guide for more information:

Note: The profile.map.num value must equal the highest group profile number defined in the file.

profile.map.num=8
extauth.map.1.extrole=Administrator
extauth.map.1.profile=Administrator
extauth.map.2.extrole=Constructor
extauth.map.2.profile=Constructor
extauth.map.3.extrole=Operator
extauth.map.3.profile=Operator
extauth.map.4.extrole=Viewer
extauth.map.4.profile=Viewer
extauth.map.5.extrole=ldapadmin
extauth.map.5.profile=Administrator
extauth.map.6.extrole=ldapconstruct
extauth.map.6.profile=Constructor
extauth.map.7.extrole=ldapoper
extauth.map.7.profile=Operator
extauth.map.8.extrole=ldapviewer
extauth.map.8.profile=Viewer

where each extrole value is an external user group property returned by the authentication source


Save and close the file.


Log out of the VM.


Configure the required external LDAP, RADIUS, or TACACS+ authentication sources in each NSP cluster.

End of steps
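
The mapping file decides which external groups receive which WS-NOC role, so it is worth checking for consistency before it is saved. The following Python check is an added example, not part of the original procedure or of any Nokia tooling; check_ext_auth_map, KNOWN_PROFILES and the constructed SAMPLE are hypothetical names. It assumes that the four profile names in the example file are the allowed set and that a leading # marks a comment line.

```python
import re

# Assumption: the four profile names in the page's example are the allowed set.
KNOWN_PROFILES = {"Administrator", "Constructor", "Operator", "Viewer"}
KEY_RE = re.compile(r"^extauth\.map\.(\d+)\.(extrole|profile)$")

def check_ext_auth_map(text):
    """Return a list of problems; an empty list means the file is consistent."""
    map_num, entries, problems = None, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        m = KEY_RE.match(key)
        if key == "profile.map.num":
            map_num = int(value) if value.isdigit() else None
        elif m and m.group(2) in entries.setdefault(int(m.group(1)), {}):
            problems.append(f"line {lineno}: duplicate {key}")
        elif m:
            entries[int(m.group(1))][m.group(2)] = value
    highest = max(entries, default=0)
    if map_num != highest:  # the rule stated in the Note on profile.map.num
        problems.append(f"profile.map.num={map_num}, highest mapping is {highest}")
    role_of = {}
    for n, fields in sorted(entries.items()):
        extrole, profile = fields.get("extrole"), fields.get("profile")
        if not extrole or not profile:
            problems.append(f"mapping {n}: extrole and profile must both be set")
            continue
        if profile not in KNOWN_PROFILES:
            problems.append(f"mapping {n}: unknown profile {profile!r}")
        if role_of.setdefault(extrole, profile) != profile:  # one group, two roles
            problems.append(f"mapping {n}: {extrole!r} already maps to {role_of[extrole]!r}")
    return problems

# Constructed sample: stale profile.map.num and a misspelled profile name.
SAMPLE = """profile.map.num=2
extauth.map.1.extrole=ldapadmin
extauth.map.1.profile=Administrator
extauth.map.2.extrole=ldapviewer
extauth.map.2.profile=Viewer
extauth.map.3.extrole=ldapoper
extauth.map.3.profile=Operater
"""

if __name__ == "__main__":
    print("\n".join(check_ext_auth_map(SAMPLE)) or "no problems found")
```

Run it against a copy of the edited file and review any reported line before saving; a group that maps to two different profiles is reported because the resulting privilege is ambiguous.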