W E K A
4.3
4.3
  • WEKA v4.3 documentation
    • Documentation revision history
  • WEKA System Overview
    • WEKA Data Platform introduction
      • WEKA system functionality features
      • Converged WEKA system deployment
      • Optimize redundancy in WEKA deployments
    • SSD capacity management
    • Filesystems, object stores, and filesystem groups
    • WEKA networking
    • Data lifecycle management
    • WEKA client and mount modes
    • WEKA containers architecture overview
    • Glossary
  • Planning and Installation
    • Prerequisites and compatibility
    • WEKA cluster installation on bare metal servers
      • Plan the WEKA system hardware requirements
      • Obtain the WEKA installation packages
      • Install the WEKA cluster using the WMS with WSA
      • Install the WEKA cluster using the WSA
      • Manually install OS and WEKA on servers
      • Manually prepare the system for WEKA configuration
        • Broadcom adapter setup for WEKA system
        • Enable the SR-IOV
      • Configure the WEKA cluster using the WEKA Configurator
      • Manually configure the WEKA cluster using the resource generator
      • Perform post-configuration procedures
      • Add clients to an on-premises WEKA cluster
    • WEKA Cloud Deployment Manager Web (CDM Web) User Guide
    • WEKA Cloud Deployment Manager Local (CDM Local) User Guide
    • WEKA installation on AWS
      • WEKA installation on AWS using Terraform
        • Terraform-AWS-WEKA module description
        • Deployment on AWS using Terraform
        • Required services and supported regions
        • Supported EC2 instance types using Terraform
        • WEKA cluster auto-scaling in AWS
        • Detailed deployment tutorial: WEKA on AWS using Terraform
      • WEKA installation on AWS using the Cloud Formation
        • Self-service portal
        • CloudFormation template generator
        • Deployment types
        • AWS Outposts deployment
        • Supported EC2 instance types using Cloud Formation
        • Add clients to a WEKA cluster on AWS
        • Auto scaling group
        • Troubleshooting
      • Install SMB on AWS
    • WEKA installation on Azure
    • WEKA installation on GCP
      • WEKA project description
      • GCP-WEKA deployment Terraform package description
      • Deployment on GCP using Terraform
      • Required services and supported regions
      • Supported machine types and storage
      • Auto-scale instances in GCP
      • Add clients to a WEKA cluster on GCP
      • Troubleshooting
      • Detailed deployment tutorial: WEKA on GCP using Terraform
      • Google Kubernetes Engine and WEKA over POSIX deployment
  • Getting Started with WEKA
    • Manage the system using the WEKA GUI
    • Manage the system using the WEKA CLI
      • WEKA CLI hierarchy
      • CLI reference guide
    • Run first IOs with WEKA filesystem
    • Getting started with WEKA REST API
    • WEKA REST API and equivalent CLI commands
  • Performance
    • WEKA performance tests
      • Test environment details
  • WEKA Filesystems & Object Stores
    • Manage object stores
      • Manage object stores using the GUI
      • Manage object stores using the CLI
    • Manage filesystem groups
      • Manage filesystem groups using the GUI
      • Manage filesystem groups using the CLI
    • Manage filesystems
      • Manage filesystems using the GUI
      • Manage filesystems using the CLI
    • Attach or detach object store buckets
      • Attach or detach object store bucket using the GUI
      • Attach or detach object store buckets using the CLI
    • Advanced data lifecycle management
      • Advanced time-based policies for data storage location
      • Data management in tiered filesystems
      • Transition between tiered and SSD-only filesystems
      • Manual fetch and release of data
    • Mount filesystems
      • Mount filesystems from Single Client to Multiple Clusters (SCMC)
    • Snapshots
      • Manage snapshots using the GUI
      • Manage snapshots using the CLI
    • Snap-To-Object
      • Manage Snap-To-Object using the GUI
      • Manage Snap-To-Object using the CLI
    • Quota management
      • Manage quotas using the GUI
      • Manage quotas using the CLI
  • Additional Protocols
    • Additional protocol containers
    • Manage the NFS protocol
      • Supported NFS client mount parameters
      • Manage NFS networking using the GUI
      • Manage NFS networking using the CLI
    • Manage the S3 protocol
      • S3 cluster management
        • Manage the S3 service using the GUI
        • Manage the S3 service using the CLI
      • S3 buckets management
        • Manage S3 buckets using the GUI
        • Manage S3 buckets using the CLI
      • S3 users and authentication
        • Manage S3 users and authentication using the CLI
        • Manage S3 service accounts using the CLI
      • S3 rules information lifecycle management (ILM)
        • Manage S3 lifecycle rules using the GUI
        • Manage S3 lifecycle rules using the CLI
      • Audit S3 APIs
        • Configure audit webhook using the GUI
        • Configure audit webhook using the CLI
        • Example: How to use Splunk to audit S3
      • S3 supported APIs and limitations
      • S3 examples using boto3
      • Access S3 using AWS CLI
    • Manage the SMB protocol
      • Manage SMB using the GUI
      • Manage SMB using the CLI
  • Operation Guide
    • Alerts
      • Manage alerts using the GUI
      • Manage alerts using the CLI
      • List of alerts and corrective actions
    • Events
      • Manage events using the GUI
      • Manage events using the CLI
      • List of events
    • Statistics
      • Manage statistics using the GUI
      • Manage statistics using the CLI
      • List of statistics
    • Insights
    • System congestion
    • Security management
      • Obtain authentication tokens
      • KMS management
        • Manage KMS using the GUI
        • Manage KMS using the CLI
      • TLS certificate management
        • Manage the TLS certificate using the GUI
        • Manage the TLS certificate using the CLI
      • CA certificate management
        • Manage the CA certificate using the GUI
        • Manage the CA certificate using the CLI
      • Account lockout threshold policy management
        • Manage the account lockout threshold policy using GUI
        • Manage the account lockout threshold policy using CLI
      • Manage the login banner
        • Manage the login banner using the GUI
        • Manage the login banner using the CLI
      • Manage Cross-Origin Resource Sharing
    • User management
      • Manage users using the GUI
      • Manage users using the CLI
    • Organizations management
      • Manage organizations using the GUI
      • Manage organizations using the CLI
      • Mount authentication for organization filesystems
    • Expand and shrink cluster resources
      • Add a backend server
      • Expand specific resources of a container
      • Shrink a cluster
    • Background tasks
      • Set up a Data Services container for background tasks
      • Manage background tasks using the GUI
      • Manage background tasks using the CLI
    • Upgrade WEKA versions
  • Licensing
    • License overview
    • Classic license
  • Monitor the WEKA Cluster
    • Deploy monitoring tools using the WEKA Management Station (WMS)
    • WEKA Home - The WEKA support cloud
      • Local WEKA Home overview
      • Deploy Local WEKA Home v3.0 or higher
      • Deploy Local WEKA Home v2.x
      • Explore cluster insights and statistics
      • Manage alerts and integrations
      • Enforce security and compliance
      • Optimize support and data management
    • Set up the WEKAmon external monitoring
    • Set up the SnapTool external snapshots manager
  • Support
    • Get support for your WEKA system
    • Diagnostics management
      • Traces management
        • Manage traces using the GUI
        • Manage traces using the CLI
      • Protocols debug level management
        • Manage protocols debug level using the GUI
        • Manage protocols debug level using the CLI
      • Diagnostics data management
  • Best Practice Guides
    • WEKA and Slurm integration
      • Avoid conflicting CPU allocations
    • Storage expansion best practice
  • WEKApod
    • WEKApod Data Platform Appliance overview
    • WEKApod servers overview
    • Rack installation
    • WEKApod initial system setup and configuration
    • WEKApod support process
  • Appendices
    • WEKA CSI Plugin
      • Deployment
      • Storage class configurations
      • Tailor your storage class configuration with mount options
      • Dynamic and static provisioning
      • Launch an application using WEKA as the POD's storage
      • Add SELinux support
      • NFS transport failback
      • Upgrade legacy persistent volumes for capacity enforcement
      • Troubleshooting
    • Convert cluster to multi-container backend
    • Create a client image
    • Update WMS and WSA
    • BIOS tool
Powered by GitBook
On this page
  • Manage local users
  • Create a local user
  • Edit a local user
  • Change a local user password
  • Change your password
  • Revoke local user tokens
  • Remove a local user
  • Manage user directory
  • Configure LDAP
  • Configure Active Directory
  1. Operation Guide
  2. User management

Manage users using the GUI

Explore the management of users licensed to work with the WEKA system using the GUI.

PreviousUser managementNextManage users using the CLI

Last updated 8 months ago

Using the GUI, you can:

Manage local users

Local users are created in the local system instead of domain users that the organization's User Directory manages. You can create up to 1152 local users to work with a WEKA system cluster.

Create a local user

Procedure

  1. From the menu, select Configure > User Management.

  2. In the Local Users tab, select +Create.

  3. In the Create New User dialog, set the following properties:

    • Username: Set the user name for the local user.

    • Password: Set a password according to the requirements. The password must contain at least 8 characters: an uppercase letter, a lowercase letter, and a number or a special character.

    • Confirm Password: Type the same password again.

    • Role: Select the role for the local user. If you select an S3 user role, select the relevant S3 policy and, optionally, the and .

  4. Select Save.

Edit a local user

You can modify the role of a local user but not your role (the signed-in user). For an S3 user, you can only modify the S3 policy, POSIX UID, and POSIX GID.

Procedure

  1. In the Local Users tab, select the three dots of the local user you want to edit, then select Edit User.

  2. From the Role property, select the required role. If you modify the role to S3, you can set the S3 policy, POSIX UID, and POSIX GID.

  3. Select Save.

Change a local user password

As a Cluster Admin or Organization Admin, you can change the password of a local user and revoke the user's tokens.

To regain access to the system after changing the password, the user must re-authenticate using the new password.

Procedure

  1. In the Local Users tab, select the three dots of the local user whose password you want to change, then select Change Password.

  2. In the Change Password for a user dialog, set the following properties:

    • Old password: Set the old password.

    • Password: Set a new password according to the requirements.

    • Confirm Password: Type the same new password again.

    • Revoke Tokens: If the user's existing tokens are compromised, you can revoke all of the user's tokens and change their password. To regain access to the system, the user must re-authenticate with the new password or obtain new tokens through the API.

  3. Select Save.

Change your password

You can change your password at any time.

Procedure

  1. From the top bar, select the signed-in user, then select Change Password.

  1. Select Save.

Revoke local user tokens

If the user's existing tokens are compromised, you can revoke all the user's tokens, regardless of changing the user's password. To re-access the system, the user re-authenticates with the new password, or the user needs to obtain new tokens using the API.

Procedure

  1. In the Local Users tab, select the three dots of the local user you want to revoke the user tokens, then select Revoke User Tokens.

  1. In the confirmation message, select Revoke Tokens.

Remove a local user

You can remove a local user that is no longer required.

Procedure

  1. In the Local Users tab, select the three dots of the local user to remove, then select Remove User.

In the confirmation message, select Yes.

Manage user directory

You can set user access to the Weka system from the organization user directory, either by LDAP or Active Directory.

Configure LDAP

To use LDAP for authenticating users, set the property values based on your specific LDAP environment and configuration.

LDAP property descriptions
  • Server URI: The URI or address of the LDAP server, including the protocol (in this case, LDAP), the server's hostname or IP address, and the port number. Example value: ldap://ldap.example.com:389

  • Protocol Version: The version of the LDAP protocol being used. Common versions include LDAPv2 and LDAPv3. Example value: 3

  • Start TLS: When enabled, this option initiates a Transport Layer Security (TLS) connection with the LDAP server. TLS provides encryption and secure communication between the client and server, protecting the confidentiality and integrity of data transmitted over the network.

  • Ignore Certificate Failures: When enabled, this option instructs the LDAP client to ignore certificate validation failures during the TLS/SSL handshake process. Certificate validation failures can include expired, self-signed, or mismatched certificates. Enabling this option allows the client to establish a connection even if the server's certificate cannot be fully validated. Use this option cautiously, as it may expose the connection to potential security risks.

    Enabling Start TLS and Ignore Certificate Failures must be done based on your specific security requirements and the configuration of your LDAP server.

  • Server Timeout Seconds: The maximum amount of time, in seconds, the client waits for a response from the LDAP server before timing out. Example value: 30

  • Base DN : The base distinguished name (DN) is the starting point for searching the directory tree. It represents the top-level entry in the LDAP directory. Example Value: dc=example,dc=com

  • Reader Username: The username or distinguished name (DN) of a dedicated reader user account used for authenticating and reading data from the LDAP server. Example value: cn=reader,dc=example,dc=com

  • Reader Password: The password is associated with the reader user account for authentication purposes. Example Value: ********

  • User ID Attribute: The attribute in the LDAP schema that represents the unique identifier or username for user entries. Example value: uid

  • User Object Class: The object class or object type in the LDAP schema defines the structure and attributes of user entries. Example value: person

  • User Revocation Attribute: An attribute indicates a user account's revocation status, typically a boolean attribute set to true or false. Example value: isRevoked

  • Group ID Attribute: The attribute in the LDAP schema represents the unique identifier or name for group entries. Example value: cn

  • Group Membership Attribute: The attribute establishes the membership relationship between users and groups, specifying which users are members of a particular group. Example value: member

  • Group Object Class: The object class or object type in the LDAP schema defines the structure and attributes of group entries. Example value: groupOfNames

  • Cluster Admin Group: The LDAP group granted administrative privileges for managing the LDAP cluster. Example value: cn=cluster_admins,ou=groups,dc=example,dc=com sAMAccountName: cluster_admins

  • Organization Admin Role Group: The LDAP group granted administrative privileges for managing specific organizations or units within the LDAP directory. Example value: cn=org_admins,ou=groups,dc=example,dc=com sAMAccountName: org_admins

  • Regular User Role Group: The group in LDAP represents regular users with standard access privileges. Example value: cn=regular_users,ou=groups,dc=example,dc=com sAMAccountName: regular_users

  • Read-only User Role Group: The group in LDAP represents users with read-only access privileges restricted from making modifications. Example value: cn=read_only_users,ou=groups,dc=example,dc=com sAMAccountName: read_only_users

Note: The sAMAccountName (user logon name) in the Cluster Admin, Organization Admin, Regular User, and Read-only User Role Groups can be up to 20 characters long.

Procedure

  1. From the menu, select Configure > User Management.

  2. Select the User Directory tab.

  3. Select Configure LDAP.

  4. Set all properties based on your specific LDAP environment and configuration.

  5. Select Save.

Once the LDAP configuration is completed, the User Directory tab displays the details. You can disable the LDAP configuration, update the configuration, or reset the configuration values.

Configure Active Directory

To use Active Directory for authenticating users, set the property values based on your specific Active Directory environment and configuration.

Active Directory property descriptions
  • Domain: The domain name of the Active Directory environment. It represents the network boundary and provides a way to organize and manage resources, users, and groups. Example value: example.com

  • Server URI: The URI or address of the Active Directory server, including the protocol (in this case, LDAP) and the server's hostname or IP address. Example value: ldap://ad.example.com

  • Reader Username: A dedicated reader user account's username or user principal name (UPN) used for authenticating and reading data from the Active Directory. Example value: readeruser@ad.example.com

  • Reader Password: The password associated with the reader user account for authentication purposes. Example Value: ********

  • Cluster Admin Role Group: The group in Active Directory granted administrative privileges for managing the cluster or server infrastructure. Example value: CN=ClusterAdmins,CN=Users,DC=example,DC=com sAMAccountName: ClusterAdmins

  • Organization Admin Role Group: The group in Active Directory granted administrative privileges for managing specific organizations or units within the Active Directory environment. Example value: CN=OrgAdmins,CN=Users,DC=example,DC=com sAMAccountName: OrgAdmins

  • Regular User Role Group: The group in Active Directory represents regular users with standard access privileges. Example value: CN=RegularUsers,CN=Users,DC=example,DC=com sAMAccountName: RegularUsers

  • Read-only User Role Group: The group in Active Directory represents users with read-only access privileges, restricted from making modifications. Example value: CN=ReadOnlyUsers,CN=Users,DC=example,DC=com sAMAccountName: ReadOnlyUsers

Note: The sAMAccountName (user logon name) in the Cluster Admin, Organization Admin, Regular User, and Read-only User Role Groups can be up to 20 characters long.

Procedure

  1. From the menu, select Configure > User Management.

  2. Select the User Directory tab.

  3. Select Configure Active Directory.

  4. Set all properties based on your specific Active Directory environment and configuration.

  5. Select Save.

Once the Active Directory configuration is completed, the User Directory tab displays the details. You can disable the Active Directory configuration, update the configuration, or reset the configuration values.

In the Change Password dialog, set the properties described in the topic.

Change a local user password
Manage local users
Manage user directory
User Management: Local Users page
Create a new user dialog
Edit a local user
Change the password for a local user
Change your password (signed-in user)
Revoke local user tokens
Remove a local user
User directory tab
Configure LDAP dialog
Configure Active Directory dialog