Managing Authentication Databases

The Virtuozzo Containers security authentication mechanism allows you to grant access to Hardware Nodes and their Containers to both:

• users on your local computer and
• users stored in external Microsoft Active Directory databases.

Note: Other LDAP-compliant databases, like OpenLDAP for Linux, are supported with some restrictions, see below.

During its installation on the Hardware Node, the Virtuozzo Containers software creates two special databases containing the information on local user accounts:

• The 'System' database: this database is fully identical to the system database created by any operating system and containing the information on the users and groups registered in the Host OS and defining the rights these users and groups have in respect of the system administration;
• The 'Parallels Internal' database: this database contains Parallels-specific users and groups.

Along with the user databases created by the Virtuozzo Containers software by default, you can also register external user databases located virtually on any computer on your network and allow the users from these databases to access Hardware Nodes and their Containers. So, you do not need to manually create these users and add them to the 'Parallels Internal' database. The only requirement that should be met by a database to be registered in Parallels Infrastructure Manager is that it must be based on the Microsoft Active Directory technology. For example, if the user's login information is stored on an external domain controller running an Active Directory (AD) server, you can register this controller in Parallels Infrastructure Manager and allow the users registered in the AD directory to be authenticated thru the controller itself rather than go thru the authentication process on the Node. The user authorization, however, will take place on the Hardware Node (or on the Master Node in the case of a Virtuozzo Group) and the user will get the rights and privileges in accordance with the role(s) assigned to them on this Node.

If you wish to use an OpenLDAP directory in Linux environments in a similar way, you should make sure that this directory complies with the Microsoft Active Directory schema. In particular, it must have the following attribute types:

objectSid, groupType, userPrincipalName, userParameters, preferredOU

and the following object classes:

container, securityPrincipal, User, Group, foreignSecurityPrincipal, domainDNS.

For additional details on these attribute types and object classes, please consult the official Microsoft Active Directory schema, if needed.

Parallels Infrastructure Manager allows you to manage authentication databases as follows:

• view detailed information on the authentication database currently registered on the Hardware Node;
• remove a registered authentication database from the Hardware Node;
• register a new authentication database on the Hardware Node.

Please send us your feedback on this help page