Manage users using the GUI

Use the GUI to manage local users and to configure an LDAP or Active Directory (AD) user directory.

Using the GUI, you can:

Manage local users

Local users are created in the local system, as opposed to domain users, which the organization's User Directory manages. You can create up to 1152 local users to work with a WEKA system cluster.

User Management: Local Users page

Create a local user

Procedure

  1. From the menu, select Configure > User Management.

  2. In the Local Users tab, select +Create.

  3. In the Create New User dialog, set the following properties:

    • Username: Set the user name for the local user.

    • Password: Set a password according to the requirements. The password must contain at least 8 characters: an uppercase letter, a lowercase letter, and a number or a special character.

    • Confirm Password: Type the same password again.

    • Role: Select the role for the local user. If you select an S3 user role, select the relevant S3 policy and, optionally, the and . For role details, see Role descriptions.

  4. Select Save.

Create a new user dialog

Edit a local user

You can modify the role of a local user, but not your own role (the role of the signed-in user). For an S3 user, you can only modify the S3 policy, POSIX UID, and POSIX GID.

Procedure

  1. In the Local Users tab, select the three dots of the local user you want to edit, then select Edit User.

  2. From the Role property, select the required role. If you modify the role to S3, you can set the S3 policy, POSIX UID, and POSIX GID.

  3. Select Save.

Edit a local user

Change a local user password

As a Cluster Admin or Organization Admin, you can change the password of a local user and revoke the user's tokens.

To regain access to the system after changing the password, the user must re-authenticate using the new password.

Procedure

  1. In the Local Users tab, select the three dots of the local user whose password you want to change, then select Change Password.

  2. In the Change Password for a user dialog, set the following properties:

    • Old password: Set the old password.

    • Password: Set a new password according to the requirements.

    • Confirm Password: Type the same new password again.

    • Revoke Tokens: If the user's existing tokens are compromised, you can revoke all of the user's tokens and change their password. To regain access to the system, the user must re-authenticate with the new password or obtain new tokens through the API.

  3. Select Save.

Change the password for a local user

Change your password

You can change your password at any time.

Procedure

  1. From the top bar, select the signed-in user, then select Change Password.

Change your password (signed-in user)

  2. In the Change Password dialog, set the properties described in the Change a local user password topic.

  3. Select Save.

Revoke local user tokens

If the user's existing tokens are compromised, you can revoke all of the user's tokens, regardless of whether the user's password is changed. To regain access to the system, the user must re-authenticate with the new password or obtain new tokens using the API.

Procedure

  1. In the Local Users tab, select the three dots of the local user whose tokens you want to revoke, then select Revoke User Tokens.

Revoke local user tokens

  2. In the confirmation message, select Revoke Tokens.

Remove a local user

You can remove a local user that is no longer required.

Procedure

  1. In the Local Users tab, select the three dots of the local user to remove, then select Remove User.

Remove a local user

  2. In the confirmation message, select Yes.

Configure LDAP/AD in WEKA

Integrate the WEKA system with your organization's user directory using either Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) for centralized user authentication. This allows users to access the WEKA system with their existing credentials.

From the menu, navigate to Configure > User Management and select the User Directory tab. The system displays options to configure either LDAP or Active Directory.

User directory tab

Configure LDAP

Connect to an LDAP server to authenticate and authorize users for access to the WEKA system.

LDAP property reference

  • Server URI: The address of the LDAP server. For example: ldap://ldap.example.com:389.

  • Protocol Version: The version of the LDAP protocol. For example: 3.

  • Start TLS: When enabled, initiates a Transport Layer Security (TLS) connection with the LDAP server for encrypted communication.

  • Ignore Certificate Failures: When enabled, the LDAP client ignores certificate validation failures during the TLS/SSL handshake. Use this option cautiously, as it may pose a security risk.

  • Server Timeout Seconds: The maximum time in seconds the client waits for a response from the LDAP server before timing out. For example: 30.

  • Base DN: The base distinguished name (DN) that serves as the starting point for directory tree searches. For example: dc=example,dc=com.

  • Reader Username: The username or DN of a dedicated user account for reading data from the LDAP server. For example: cn=reader,dc=example,dc=com.

  • Reader Password: The password for the reader user account.

  • User ID Attribute: The attribute in the LDAP schema that uniquely identifies user entries. For example: uid.

  • User Object Class: The object class in the LDAP schema that defines the structure of user entries. For example: person.

  • User Revocation Attribute: An attribute that indicates a user account's revocation status. For example: isRevoked.

  • Group ID Attribute: The attribute in the LDAP schema that uniquely identifies group entries. For example: cn.

  • Group Membership Attribute: The attribute that specifies which users are members of a particular group. For example: member.

  • Group Object Class: The object class in the LDAP schema that defines the structure of group entries. For example: groupOfNames.

  • Cluster Admin Group: The LDAP group granted administrative privileges for the cluster. The sAMAccountName can be up to 20 characters. For example: cn=cluster_admins,ou=groups,dc=example,dc=com.

  • Organization Admin Role Group: The LDAP group granted administrative privileges for specific organizations. The sAMAccountName can be up to 20 characters. For example: cn=org_admins,ou=groups,dc=example,dc=com.

  • Regular User Role Group: The LDAP group for users with standard access privileges. The sAMAccountName can be up to 20 characters. For example: cn=regular_users,ou=groups,dc=example,dc=com.

  • Read-only User Role Group: The LDAP group for users with read-only access privileges. The sAMAccountName can be up to 20 characters. For example: cn=read_only_users,ou=groups,dc=example,dc=com.

Procedure

  1. On the User Directory tab, select Configure LDAP.

  2. In the Configure LDAP dialog, set the properties according to your LDAP environment. For details about each property, see the LDAP property reference.

  3. Select Save.

Configure LDAP dialog

After saving the configuration, the User Directory tab displays the LDAP connection details. From this view, you can update, disable, or reset the configuration.
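
A pre-save check for these settings, as an added example that is not part of the WEKA documentation or product: it lints a dictionary keyed by the property names in the LDAP property reference for unencrypted LDAP, disabled certificate validation, over-long group names, and one group mapped to two roles. The dictionary layout, the function names, and the sample values are assumptions; the length check assumes the group's leftmost RDN value matches its sAMAccountName.

```python
import re
from urllib.parse import urlsplit

# Keys mirror the property names in the LDAP property reference; the dict
# layout is an assumption of this example, not a WEKA export format.
ROLE_GROUP_KEYS = ("Cluster Admin Group", "Organization Admin Role Group",
                   "Regular User Role Group", "Read-only User Role Group")
SAM_MAX = 20  # the reference allows a sAMAccountName of up to 20 characters

def first_rdn_value(dn):
    """Value of the leftmost RDN ('cluster_admins' for 'cn=cluster_admins,...')."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # split on unescaped comma
    return rdn.split("=", 1)[-1].strip()


def lint_ldap_settings(cfg):
    """Return (severity, message) findings for one LDAP settings dict."""
    findings = []
    scheme = urlsplit(cfg.get("Server URI", "")).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append(("high", "Server URI is not an ldap:// or ldaps:// URI"))
    elif scheme == "ldap" and not cfg.get("Start TLS"):
        findings.append(("high", "ldap:// without Start TLS: directory traffic, "
                                 "including the reader bind, is not encrypted"))
    if cfg.get("Ignore Certificate Failures"):
        findings.append(("high", "Ignore Certificate Failures is enabled: the "
                                 "LDAP server's identity is not verified"))
    seen = {}
    for key in ROLE_GROUP_KEYS:
        dn = cfg.get(key, "").strip()
        if not dn:
            continue
        name = first_rdn_value(dn)
        if len(name) > SAM_MAX:  # assumes the RDN value equals sAMAccountName
            findings.append(("medium", f"{key}: '{name}' is longer than {SAM_MAX} characters"))
        if dn.lower() in seen:  # the page does not say which role would win
            findings.append(("medium", f"{key} reuses the group of {seen[dn.lower()]}"))
        seen.setdefault(dn.lower(), key)
    return findings

# Constructed sample: the reference's example values with risky settings added.
SAMPLE = {
    "Server URI": "ldap://ldap.example.com:389",
    "Start TLS": False,
    "Ignore Certificate Failures": True,
    "Cluster Admin Group": "cn=cluster_admins,ou=groups,dc=example,dc=com",
    "Organization Admin Role Group": "cn=cluster_admins,ou=groups,dc=example,dc=com",
    "Regular User Role Group": "cn=regular_users_of_the_storage_team,ou=groups,dc=example,dc=com",
}
```

Calling lint_ldap_settings(SAMPLE) returns four findings: two high (no encryption, no certificate validation) and two medium (a reused group and an over-long group name).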

Configure Active Directory

Connect to an Active Directory (AD) domain to authenticate and authorize users for access to the WEKA system.

Active Directory property reference

  • Domain: The domain name of the Active Directory environment. For example: example.com.

  • Server URI: The address of the Active Directory server. For example: ldap://ad.example.com.

  • Reader Username: The username or user principal name (UPN) of a dedicated user account for reading data from Active Directory. For example: [email protected].

  • Reader Password: The password for the reader user account.

  • Cluster Admin Role Group: The Active Directory group granted administrative privileges for the cluster. The sAMAccountName can be up to 20 characters. For example: CN=ClusterAdmins,CN=Users,DC=example,DC=com.

  • Organization Admin Role Group: The Active Directory group granted administrative privileges for specific organizations. The sAMAccountName can be up to 20 characters. For example: CN=OrgAdmins,CN=Users,DC=example,DC=com.

  • Regular User Role Group: The Active Directory group for users with standard access privileges. The sAMAccountName can be up to 20 characters. For example: CN=RegularUsers,CN=Users,DC=example,DC=com.

  • Read-only User Role Group: The Active Directory group for users with read-only access privileges. The sAMAccountName can be up to 20 characters. For example: CN=ReadOnlyUsers,CN=Users,DC=example,DC=com.

Procedure

  1. On the User Directory tab, select Configure Active Directory.

  2. In the Configure Active Directory dialog, set the properties according to your AD environment. For details about each property, see the Active Directory property reference.

  3. Select Save.

Configure Active Directory dialog

After saving the configuration, the User Directory tab displays the Active Directory connection details. From this view, you can update, disable, or reset the configuration.
