Unsolved
This post is more than 5 years old
1 Message
1
5784
How does the VNXe integration with LDAP works?
Hi;
My question is about how the integration to LDAP from the new VNXe works and at what level the integration works? Please, can you give me a deep explanation on how it works and is implemented? Cause there is no technical documentation available yet.
Regards,
Gonzalo Pardo.
T_Scott-DFP
1 Message
7
June 23rd, 2011 10:00
After reviewing the OP's question again, I don't think I actually answered their question with my response below. I simply stated how to get it working, not really what it's used for. So far as I can tell (or at least so far as I've tested) it's simply used for authentication when logging into Unisphere. You can add Domain groups/users and select 1 of 3 privilege levels for those groups/users. Sorry I can't provide more detail than that.
Rather than delete everything I already typed, here's my original response for anyone else trying to get LDAP authentication working with their VNXe:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
After a lot of trial and error (and failing to find good documentation or answers on the web) I finally got LDAP authentication to work. Looking at it now, it's actually pretty simple. However, you're not provided with much feedback in regards to the errors when setting it up (or logging in), so I had to get creative when trying to narrow down the problems (which primarily revolved around the search paths and the syntax for logging in). Anyway, here's what you need to set it up:
Save those settings and leave everything else as default for now. Click on the "Check LDAP Server Connection" button and verify that the test is successful. If not, double check the password and the DN of the account entered. Once the test is successful, click the "Show advanced" button. The vast majority of these settings should work just fine, except for the default search path. It wants to search in the default Users OU for both users and groups. Change the user and group search paths to the root of the domain (unless you really do have all of your users in or under the default Users OU). For example: dc=contoso,dc=local. That way, it will do a recursive search throughout the domain for the user and group.
When adding LDAP groups in the "Manage Administration" tabs, you don't have to do anything special. Just enter the group name in exactly as it's shown in AD, spaces and all. Not sure if it will need the pre-Win 2k name for particularly long group names or not (did not test this).
When adding LDAP users, enter in the same username that would be used to log in.
With all of that done, here is what probably caused me the most trouble, actually logging in. Unisphere does not want DOMAIN\UID, or UID@domain.local, or just the UID. It wants DOMAIN/UID. The forward slash is vital. So long as you do that, and the group that grants the user permission to log into the VNXe is the search path it's using, you should be able to log in without issue.
I hope this saves someone from spinning their wheels trying to figure this out. If any corrections need to be made, please let me know.
t_lambert54
1 Message
0
September 20th, 2012 19:00
This worked perfectly...I know it is an old post but helped a ton...
Thanks!
tech-thetrainin
1 Message
0
May 23rd, 2013 14:00
Thank you! Everything you said makes a lot of sense after trying it out myself. It was definitely a lack of proper syntax on my part. Excellent write-up.