Unsolved
How to bind NAS Server to LDAPS Server using hostname
In order to bind the Unity NAS Server to our LDAPS server (our AD DC), the Unisphere GUI requires entering IP addresses in the LDAP Servers section of the Naming Services tab. It will not accept hostnames. However, our LDAPS Servers' certificates do not have IP addresses in them (nor should they), so the binding fails.
The UEMCLI documentation indicates the other option is to use DNS Service Discovery to locate the LDAPS Server IP addresses, but our DNS does not do Service Discovery.
How can I bind the NAS Server on our Unity using LDAPS to our Active Directory servers using the hostnames of our LDAPS Servers?
DELL-Sam L
Moderator
6.9K Posts
June 11th, 2020 11:00
Hello jvang,
For LDAPS, refer to the notes for the certificate requirement: select "Use LDAPS Protocol" first and then "Upload Certificate". The certificate must be base64 encoded and contain the full certificate chain (unless self-signed), with the file extension .cer.
Then configuration can be entered like this (Note the port number, 636 for LDAPS):
Here is the link to the KB that also shows how to apply the certificate. You will need to log in with your EMC account. https://dell.to/30xNLS5
Please let us know if you have any other questions.
jvang
8 Posts
June 11th, 2020 12:00
Thanks Sam,
The issue is not with uploading the SSL Certificate. The issue is that the LDAPS Server running on our Active Directory servers uses certificates that do not have IP Addresses in them, and when the NAS Server on the Unity attempts to bind to the LDAPS Server, it gets denied because the Unity only lets you enter IP addresses for binding to the LDAPS Servers (not the hostname).
How can I bind the NAS Server on the Unity to an LDAPS Server based on the hostname of the LDAPS Servers?
Cheers, JVANG
DELL-Sam L
Moderator
6.9K Posts
June 11th, 2020 15:00
Hello Jvang,
I am not seeing any way to make it use just hostname. In all configure guides and manuals I see you need to have an IP address.
Please let us know if you have any other questions.
jvang
8 Posts
June 12th, 2020 11:00
Hi Sam,
My Active Directory System Administrator indicated they will not put IP Addresses in their certificates. I am waiting to find out why.
Is there no way to bind using a hostname from the CLI? This seems very limiting, and I don't understand why not, since all the other LDAPS implementations we have support hostnames.
Cheers, Jack...
DELL-Sam L
Moderator
6.9K Posts
June 12th, 2020 13:00
Hello Jvang,
Did you try to use UEMCLI configuration listed in this link & did it complete successfully?
https://dell.to/30xNLS5
Please let us know if you have any other questions.
jvang
8 Posts
June 15th, 2020 11:00
Hi Sam,
The document you referenced is to bind the Unity to an LDAPS Server, which we did a while ago, and has been working perfectly.
Do you have any references as to how to bind a NAS Server running on the Unity to an LDAPS Server from the UEMCLI Command Line, where it allows me to use the LDAPS Server hostname instead of the IP address?
Cheers, Jack...
Rainer_EMC
8.6K Posts
June 16th, 2020 06:00
LDAP code for the control path (user mgmt) is completely different from use of LDAP in the data path (NAS server).
From what I remember, currently only config of LDAP servers via IP is supported for the NAS server.
I would suggest opening a product enhancement request.
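The certificate mismatch discussed in this thread can be reproduced offline. The following is an added example, not code from any poster or from Dell: it assumes the client applies the standard TLS identity rule (an IP target is matched only against iPAddress SAN entries), and the certificate contents, hostnames and addresses are constructed placeholders in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed samples (placeholders, not values from the thread).
DC_CERT = {  # typical AD DC certificate: DNS names only
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.corp.example")),
}
DC_CERT_WITH_IP = {  # same host, reissued with an iPAddress SAN
    "subjectAltName": (("DNS", "dc01.corp.example"), ("IP Address", "192.0.2.10")),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_matches(cert, target):
    """True if `target` (what the client was configured to dial) is covered
    by the certificate's subjectAltName entries."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only against iPAddress entries, never DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, target) for kind, val in sans)

def explain(cert, target):
    """One-line verdict plus the SAN types the certificate actually carries."""
    verdict = "match" if san_matches(cert, target) else "NO match"
    kinds = sorted({kind for kind, _ in cert.get("subjectAltName", ())})
    return f"{target}: {verdict} (SAN types present: {', '.join(kinds) or 'none'})"

if __name__ == "__main__":
    for t in ("192.0.2.10", "dc01.corp.example", "dc02.corp.example"):
        print(explain(DC_CERT, t))
    print(explain(DC_CERT_WITH_IP, "192.0.2.10"))
```

To check a real domain controller certificate, pass the dict from `getpeercert()` on a verified connection to `san_matches` together with the address entered in the NAS Server's LDAP configuration.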