Security
Getting Started
The default installation of Telco Network Cloud Orchestration (TNC-O) includes a secure application with protected access and a set of preconfigured roles. It also includes predefined users who are able to perform a variety of the key system roles. These predefined users are suitable for basic usage of the system in a demonstration capacity, or can act as a template for understanding how to configure users in a more permanent installation.
Manage Roles
Pre-requisites
To complete this guide you will need:
- An existing installation of the Telco Network Cloud Orchestration (TNC-O)
- An understanding of how to configure TNC-O using the Vault UI
- kubectl client with access to the Kubernetes cluster TNC-O is installed on
Find Role Configuration
- Log in to the Vault UI for your TNC-O system and navigate to the secrets engine named lm
- Navigate to the secret named ishtar
Manage Users and Groups
The following guide details how to configure users in the default OpenLDAP installed as part of Telco Network Cloud Orchestration (TNC-O). TNC-O provides no built-in mechanism for managing users. Many LDAP clients are available for this purpose, and they make user management much easier and a lot more visual. If your environment is connecting to an LDAP managed outside of TNC-O, then the system administrator is expected to already understand the connection and user model in use.
Manage Users with LDAP Admin
The following guide is an extension of User Configuration with OpenLDAP with more detailed instructions for using the LDAP Admin client. This guide is tested with version 1.8.3 of the client.
Pre-requisites
To complete this guide you will need:
- An existing installation of the Telco Network Cloud Orchestration (TNC-O)
- OpenLDAP accessible to your client
- LDAP Admin Client installed on your environment
Connecting to OpenLDAP
To get LDAP connection details follow this guide.
Manage Client Credentials
The following guide details how to configure Client Credentials in Telco Network Cloud Orchestration (TNC-O) on a deployed system. These credentials are required to make API requests from external API clients and integrated systems. To assist in maintaining a secure system it is recommended that each external client have its own set of credentials.
Pre-requisites
To complete this guide you will need:
- An existing installation of the TNC-O
- A REST client
- Understanding of how to make authenticated requests to TNC-O
Add client credentials
Client credentials can be created using the credentials REST API.
Managing Vault Tokens
Managing Vault Tokens Vault tokens do not have an indefinite expiry and will need to be renewed or regenerated after their expiration. By default, the Vault token used by TNC-O to access configuration will be created with a duration as per the default value configured in the Vault settings, i.e. vault: vault: config: max_lease_ttl: 87600h # this is the maximum duration a token can exist, before which it can be renewed, after which it will be revoked default_lease_ttl: 87600h # this is the default duration a token will exist, after which it will be revoked, unless renewed Expired TNC-O Vault Tokens If the Vault token used by TNC-O expires, then any services in TNC-O will be unable to access configuration, and as such will be unable to start. »