2.6. Managing Virtuozzo Storage Users¶
During the management panel installation on the first node, Virtuozzo Storage creates the default unique administrator, superadmin. The user name for this account is
root and the password is specified during installation. This account cannot be deleted and its privileges cannot be changed. Other than that, superadmin does not differ from a user account assigned the Administrator role (i.e. an admin).
An admin can create user accounts and assign to them one or more roles listed below:
Administrator. Can fully manage cluster and users.
Network. Can modify network settings and roles.
Cluster. Can create cluster, join nodes to cluster, and manage (assign and release) disks.
iSCSI. Can create and manage iSCSI targets and LUNs.
S3. Can create and manage S3 cluster.
SSH. Can add and remove SSH keys for cluster nodes access.
User accounts to which no roles are assigned are guest accounts. Guests can monitor Virtuozzo Storage performance and parameters but cannot change any settings.
All users can change their own passwords (see Managing User Accounts).
2.6.1. Creating User Accounts¶
To create a user account in the web-based user interface, do the following:
Log in to the management panel as admin.
Open the SETTINGS > Users screen and click ADD USER.
On the Add user panel, specify the user name, password, and, if required, a user description in the corresponding fields.
Check the roles to assign to the account and click Done.
2.6.2. Managing User Accounts¶
Any user can change their account password by clicking the user icon in the top right corner of the management panel and then clicking Change password.
An admin can create/delete other users’ accounts, add/remove roles from them, change their descriptions and passwords (although superadmin’s password can only be changed by superadmin), as well as enable/disable user accounts (i.e. allow/prohibit user login). To manage a user account, login as an admin, open the Settings -> Users screen, select a user from the list, and click Configure or Delete depending on what you need to do.
2.6.3. Adding LDAP or Active Directory Users¶
You can add users and user groups to Virtuozzo Storage from an external LDAP-compliant database or Microsoft Active Directory. These users will be able to log in using their respective user names and passwords. The set of actions these users will be able to perform in Virtuozzo Storage will be defined by the roles you assign in Storage (listed in Managing Virtuozzo Storage Users).
To add an LDAP (or AD) user or group to Virtuozzo Storage, do the following:
On the SETTINGS > Advanced settings screen, open the LDAP/AD tab.
Microsoft Active Directoryfrom the Type drop-down list.
Specify the following parameters:
IP Address of an LDAP server or AD domain controller;
(optional) LDAP Port;
Bind DN (a distinguished name of an LDAP authentication database user) or Login (AD);
Bind Password (LDAP) or Password (AD);
Search Base DN, a distinguished name of a search starting point;
(optional) Advanced LDAP or AD parameters.
Click Save to authenticate in Active Directory or LDAP server.
On the SETTINGS > Users screen, click ADD LDAP USER.
On the Add LDAP users panel, select users or user groups to add to Virtuozzo Storage and click Add.
On the Roles panel, select the roles to assign to selected users or user groups.
If a role is assigned to a group, every user in it is granted the corresponding privileges.
Click Add to add users to Virtuozzo Storage.