Overview
Once the AD/LDAP Connector is configured for administrator provisioning, you can register your AD/LDAP Accounts with Connectors. This article offers comprehensive instructions for registering these accounts, including the steps for adding account credentials.
Before you begin
Ensure that you have completed the following configurations:
Installed the AD/LDAP Connector. For more information, see Download and Install AD/LDAP Connector.
Configured the AD/LDAP Connector. For more information, see Configure AD/LDAP Connector.
Register your AD/LDAP Account
From the Druva Cloud Platform console, go to the Druva Cloud Settings page.
Click AD/LDAP Connectors and go to the Accounts tab.
Click Register New Account. The Register AD/LDAP Account window appears.
On the Register AD/LDAP Account window, enter the appropriate information for the below fields:
Directory Service Type: Select below services to register with Cloud:
Microsoft AD: Microsoft Active Directory server.
LDAP (Other): Other services using LDAP protocol, including OpenLDAP - an open-source implementation.
AD/LDAP Connector: Select the AD/LDAP Connector from the dropdown to register.
Host: Enter the Hostname of the server where the Global Catalog or the Domain Controller is available.
Port: Enter the port number to access your AD/LDAP directory.
If you are registering the AD/LDAP by using its Domain Controller details, you must use 636 as the port number for a secured connection or 389 as the port number for an unsecured connection.
If you are registering the AD/LDAP by using Global Catalog server details, you must use 3269 as the port number for a secured connection or 3268 as the port number for an unsecured connection.
Use Secure Connection: Select this check box to access your AD/LDAP through an HTTPS connection.
📝 NotesBy default, the “Username” and “Password” fields are in a disabled state. Once the account is registered, you must Add Account Credentials from the installer's Manage AD Accounts tab.
If the account credentials are already stored on Cloud, you are not required to add the account credentials separately from the Manage AD Accounts section. The Username and Password are auto-populated in the respective fields.
Attribute Mapping: If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details.
Email: Type the LDAP attribute for email, that should map to the Druva email address.
Username: Type the LDAP attribute that should map to the Druva username.
Login Name: This is the distinguished name of the user. This is used as a username for LDAP-based authentication.
Click Register. The AD Account is successfully registered, and you can view the account details on the AD/LDAP Connectors page.
Add Account Credentials
On Windows
📝 Notes
If the account credentials are already stored on Cloud, you are not required to add the account credentials separately from the Manage AD Accounts section.
When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the AD/LDAP Connector. These credentials are saved in an encrypted format in the ADConfig.yaml file for that AD Connector.
To add account credentials
On the system where you have the AD/LDAP Connector installed, click Start > ADConnector. The ADConnector window appears.
Select Manage AD Accounts.
On the Manage AD Account credentials page, add the “Username” and “Password” and click Save. The Account Credentials are now successfully added.
On Linux (CentOS, RHEL & Ubuntu)
📝 Notes
If the account credentials are already stored on Cloud, you are not required to add the account credentials separately from the Manage AD Accounts section.
When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the AD/LDAP Connector. These credentials are saved in an encrypted format in the ADConfig.yaml file for that AD Connector.
To add account credentials
Open the command line interface window.
In the command prompt, run the following command to list the AD//LDAP accounts:
ADConnectorAgent ad-connector listaccounts
Copy the Account ID for the AD/LDAP account Host IP for which you want to set the credentials. You will require the Account ID to set the account credentials.
Now run the following command to set the account credentials:
ADConnectorAgent ad-connector setaccountcreds -i <<id>> -u <<username>> -p <<password>>
where <<id>> is the account ID that you copied from the listed AD/LDAP accounts.