Active Directory & Navisphere

I set the root of the domain as the search path (DC=domain,DC=com) so that I don't have to worry about the different OUs that groups can be nested in and it works fine.

Thank you for your help! It was just what I needed.

I should add that using the tool JXplorer (which is excellent & free !), I can connect to the AD and browse the user and group areas with the Proxy Account user, and also with the user names that I am authenticating so I don't believe it is a simple authentication failure issue.

I'm wondering if anyone can help me here. I have AD authentication configured and am sucessfully authenticating for Role Mapping = User, but just cannot get Role Mapping for groups to work. Have tried all the suggestions in this thread but still not working. Running an Ethereal trace shows the initial proxy connection to the AD to authenticate the user name, and results returned OK, and then we see the user name (attempt to) bind to the AD, but do not see a group search result being returned. Not sure if the user name is not authenticating, or the group search is not being requested. Not sure how to debug further. Any suggestions gratefully recieved.

Geoff Willett (Barcap)

The BindDN user account does not need any privileges in Active Directory. A user account without any elevated privileges should work fine. Keep in mind that in Active Directory any user account has full read/query access to all objects in the directory, so any user account can be used to authenticate and query for objects in the directory.

Double check the syntax of your BindDN path and ensure it is correct.

Thanks for your help. However I verified the syntax and the account object path and tried several times without success. I always got invalid credential error. Finally I tried to use AccountID@DomainName and NT_DomainName/AccoundID as BindDN, and both worked! I didn¿t know why it was the case. Anyway, I can now use a regular account (we will probably set up an AD account without any privilege and cannot be used to login on any server) for the CLARiiON AD connection. Thanks.

In the configuration window did you select LDAP or Active Directory as the server type? I actually found the connection was more reliable when using LDAP as the server type, which forced the authentication to talk to Active Directory using native LDAP.

I tried both LDAP and Active Directory server types and both worked. (But if the BindDN is in the of format of ¿true" LDAP object path, neither works ).

Hi all,

I need some help with LDAP. We have CX4-480 in our environment with flare version 6.30.xxx. I am trying to configure LDAP as it is mentioned in this forum. I am able to configure LDAP successfully on Unisphere but still getting error that authentication failed.

I was wondering do we have to do anything on LDAP server? I mean do we have to register CX4-480 on LDAP server or something like that? I am not a system admin. So I don't know if we have to make any changes on LDAP server as well.

It seems configuration is good on CX4-480. Even manual synchronization gets the result success.

Any help regarding this issue will be appreciated.

Thank you.

Nirav Patel

Hi Geoff,

I know this was a long time ago, however did you ever reolve this group issue?