I am looking to move away from using individual accounts on Unisphere (184.108.40.206) and use AD authentication groups instead.
I have deleted my account from Unisphere, created an AD group, added that group to Unisphere and assigned the appropriate arrays with a monitor role group. I then added myself to the AD group. All good so far.
I can then log into Unisphere but I cant see any arrays at all now. I would expect to have monitor rights for the arrays that I assigned to the AD group.
I've tried this on different instances that we have with the same results. Any tips?
Out of curiosity, have you tried creating a User with the same rights as the Group (i.e. a User with Monitor role for the required arrays)? In this case, set the User to use Authority : LDAP-SSL and the authentication domain of your AD.
Repeat for each user in the LDAP group. Once the user logs out and logs in again to Unisphere, they should see the required arrays with the appropriate roles.
No matter what we've tried, we've been unable to make the Group role work with LDAP. Let us know if that helps!
We have been using single user authentication previously but as I would like to simplify things I want to start using AD groups. The function is there, but doesnt appear to work.
Using AD groups would make things easier when trying to automate a break glass process where users can be automatically move between a standard and elevated AD groups via an online form.