Blertin
1 Copper

LDAP Configuration with XtremIO is not working

Hello Everybody,

Can somebody help me? I'm trying to configure EMC XtremIO LDAP/AD User Authentication.

I have done the configuration as below:

Bind DN: CN= ,CN=Users,DC=domain,DC=com

Bind Password: *******

Search Base: OU=Admins,OU=Users,DC=domain,DC=com

Search Filter: uid={username}

User to DN rule: domain\{username}

Server URL: ldap://ipaddress_of_Domain_Controller.

Active Directory Group: CN=StorageAdmins,OU=Security Groups,OU=Users,DC=domain,DC=com

I have tried even with ldaps and ldap://ipaddress_of_Domain_Controller:636.


I confirm that LDAP in the Domain Controller is working perfectly, because I have configured some other system with LDAP Authentication.


We are running Version: 4.0.2 build 80, Build id: 1b9953e:HEAD-release-4.0.2_SP.

Domain Controller is Windows 2012 R2.

Any help will be appreciated.

Thx.

5 Replies
Nubuo
1 Copper

Re: LDAP Configuration with XtremIO is not working

First issue is probably your BIND DN. I just want to confirm you have an actual user account there and not CN=, like in your example.

For us here's what I had to do so people could just sign in with their usernames:

Bind DN: CN=AD Search,OU=Users,DC=domain,DC=com

Search base: OU=Users,DC=domain,DC=com

Search filter: userPrincipalName={username} @ domain.com

User to DN rule: {username} @ domain.com

Server URLs:

ldap://ad-1

ldap://ad-2

Active directory group:

admin: CN=SAN admins,OU=Users,DC=domain,DC=com

Ignore the spaces in the Search filter and User to DN rule lines. I had to put them in to avoid auto formatting by this site.

It was the filter and user to dn rule that was the hardest part for me to figure out, so try experimenting with what I did and see if that works for you.

huj1
1 Copper

Re: LDAP Configuration with XtremIO is not working

Yes, the format of the Bind DN looks wrong; it should be something like CN=XXX,OU=XXXX,DC=XXXX,DC=com

Also, as you are using Windows AD, the most likely search filter is sAMAccountName={username}.


Re: LDAP Configuration with XtremIO is not working

Verify your Bind DN and Group syntax with DSQUERY from a domain controller.

I've blogged about it with details; EMC XtremIO 4.x – AD LDAP Configuration – Pragmatic IO

SHCAS
1 Copper

Re: LDAP Configuration with XtremIO is not working

The correct format of the LDAP configuration is like below; you can refer to it. It is just an example.

Bind-dn: cn=administrator,cn=Users,dc=emc,dc=com

Search-Base: dc=emc,dc=com

Search-Filter: sAMAccountName={username}

LDAP-Servers: ['ldap://xxx.xxx.xxx.xxx']

User-to-dn-Rule: {username}@emc.com

Roles: ['admin:cn=test,cn=Users,dc=emc,dc=com'] ---------> the LDAP user should be under this group

Timeout: 1500

Cache-Expire: 24

CA-Cert-File: None

chronos1
1 Copper

Re: LDAP Configuration with XtremIO is not working

You could use userPrincipalName, but then you would need to log in with "username@example" and leave the User-to-DN rule blank. Using sAMAccountName is just easier, as in SHCAS's example.

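An added example, not part of any post in this thread and not XtremIO's own validation: a small Python check for the mistakes the replies point out (an empty RDN in a DN, a non-AD filter attribute, the `domain\{username}` rule, and an `ldap://` URL on port 636). The dictionary keys and the 192.0.2.10 address are assumptions made for the example; the other values are taken from the posts.

```python
import re
from urllib.parse import urlparse

# One RDN: attribute type, '=', then a non-empty value.
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*")

def lint(cfg):
    """Return findings for an LDAP config dict (key names are assumed, not XtremIO's)."""
    findings = []
    for key in ("bind_dn", "search_base", "group_dn"):
        parts = [p.strip() for p in re.split(r"(?<!\\),", cfg[key])]  # unescaped commas
        bad = [p for p in parts if not RDN.fullmatch(p)]
        if bad:
            findings.append(f"{key}: malformed RDN {bad[0]!r}")
    flt = cfg["search_filter"]
    attr = flt.split("=", 1)[0].strip("( ").lower()
    if attr not in ("samaccountname", "userprincipalname"):
        findings.append(f"search_filter: {attr!r} is not an attribute the replies use for AD")
    if "{username}" not in flt:
        findings.append("search_filter: missing {username} placeholder")
    rule = cfg["user_to_dn_rule"]  # may be blank, per the last reply
    if rule and not re.fullmatch(r"\{username\}@[\w.-]+", rule):
        findings.append(f"user_to_dn_rule: {rule!r} is not the {{username}}@domain form")
    for url in cfg["server_urls"]:
        u = urlparse(url)
        if u.scheme == "ldap" and u.port == 636:
            findings.append(f"{url}: ldap:// scheme on the LDAPS port, use ldaps://")
        elif u.scheme == "ldap":
            findings.append(f"{url}: plain LDAP, the bind password is sent unencrypted")
    return findings

# Constructed from the first post (server address is a placeholder).
ORIGINAL = {
    "bind_dn": "CN= ,CN=Users,DC=domain,DC=com",
    "search_base": "OU=Admins,OU=Users,DC=domain,DC=com",
    "search_filter": "uid={username}",
    "user_to_dn_rule": "domain\\{username}",
    "server_urls": ["ldap://192.0.2.10:636"],
    "group_dn": "CN=StorageAdmins,OU=Security Groups,OU=Users,DC=domain,DC=com",
}
# Constructed from SHCAS's example, with the URL switched to ldaps://.
FIXED = dict(ORIGINAL, bind_dn="cn=administrator,cn=Users,dc=emc,dc=com",
             search_base="dc=emc,dc=com", search_filter="sAMAccountName={username}",
             user_to_dn_rule="{username}@emc.com", server_urls=["ldaps://192.0.2.10"],
             group_dn="cn=test,cn=Users,dc=emc,dc=com")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, lint(cfg) or "no findings")
```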