Using Directory Services for User Management
  • 2 Minutes to read
  • PDF

Using Directory Services for User Management

  • PDF

Article summary

CTERA Portal can be integrated with the following directory services:

  • Microsoft Active Directory – If you are integrating the CTERA Portal with Active Directory, make sure the ports described in the planning part of the portal installation guide are opened.
  • LDAP directory services:
    • OpenDS
    • Oracle Unified Directory
  • Apple Open Directory

User accounts are automatically fetched and refreshed from the directory, and user authentication is performed using the directory.

Portal administrators can define an access control list specifying which directory service groups and individual users are permitted to access the portal, and which user roles they are assigned in the portal.

Note

Users must have an email address, as well as a first and last name, defined in the directory service. Users without one of these attributes cannot log in to the portal and will cause synchronization to fail.

Nested groups are not supported by default since supporting nested groups has a performance impact. If you need support for nested groups, contact CTERA support.

After users are fetched, they can be viewed in the portal. For details, see Managing Users.

How Directory Service Synchronization Works

When integrated with a directory service, the portal fetches user data from the directory upon the following events:

  • An administrator can manually fetch specific users from the directory. See Manually Fetching User Data.
  • If a user attempts to sign in, but does not yet have a local portal account, their user account is automatically fetched from the directory.
  • The directory services settings are configured to automatically create a local portal account, without the user having to sign in to the portal.
  • The portal automatically re-fetches all previously fetched directory users, every day at midnight, as part of the daily Apply provisioning changes task. An administrator can force a re-synchronization of all previously fetched directory users, by running the Apply Provisioning Changes Wizard. See Applying Provisioning Changes.

CTERA Portal handles special cases as follows:

  • If during the fetch it is determined that a user exists in the local user database but not in the directory, then the user is assumed to have been deleted, and CTERA Portal deletes the user from the local user database. The user’s folders are not deleted.
  • If the access control list specifies that the user is no longer allowed to access CTERA Portal, then CTERA Portal changes the user account's role to Disabled. The user account is not deleted.
Note

Each virtual portal can optionally be integrated with a different Active Directory or LDAP directory.


Was this article helpful?