Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Blertin

1 Message

4343

November 7th, 2016 05:00

LDAP Configuration with XtremIO is not working

Hello Everybody,

Can somebody help me . I' trying to configure EMC XtremIO LDAP/AD User Authentication.

I have done the configuration as below:

Bind DN: CN= ,CN=Users,DC=domain,DC=com

Bind Password: *******

Search Base: OU=Admins,OU=Users,DC=domain,DC=com

Search Filter: uid={username}

User to DN rule: domain\{username}

Server URL: ldap://ipaddress_of_Domain_Controller.

Active Directory Group: CN=StorageAdmins,OU=Security Groups,OU=Users,DC=domain,DC=com

I have tried even with ldaps and ldap://ipaddress_of_Domain_Controller:636.


I confirm that LDAP in the Domain Controller is working perfectly, because i have configured some other system with LDAP Authentication.


We are running Version: 4.0.2 build 80, Build id: 1b9953e:HEAD-release-4.0.2_SP.

Domain Controller is Windows 2012 R2.

Any help will be appreciated.

Thx.

Nubuo

17 Posts

November 7th, 2016 10:00

First issue is probably your BIND DN. I just want to confirm you have an actual user account there and not CN=, like in your example.

For us here's what I had to do so people could just sign in with their usernames:

Bind DN: CN=AD Search,OU=Users,DC=domain,DC=com

Search base: OU=Users,DC=domain,DC=com

Search filter: userPrincipalName={username} @ domain.com

User to DN rule: {username} @ domain.com

Server URLs:

ldap://ad-1

ldap://ad-2

Active directory group:

admin: CN=SAN admins,OU=Users,DC=domain,DC=com

Ignore the spaces in the Search filter and User to DN rule lines. I had to put them in to avoid auto formatting by this site.

It was the filter and user to dn rule that was the hardest part for me to figure out, so try experimenting with what I did and see if that works for you.

huj1

15 Posts

November 7th, 2016 16:00

Yes, the format in Bind DN looks something wrong, it should be something like CN=XXX,OU=XXXX,DC=XXXX,DC=com

Also as you are using windows AD, the most possible search filter is sAMAccountName={username}.

brettesinclair

715 Posts

November 8th, 2016 23:00

Verify your Bind DN and Group syntax with DSQUERY from a domain controlller.

I've blogged about it with details; EMC XtremIO 4.x – AD LDAP Configuration – Pragmatic IO

Anonymous

5 Practitioner

 • 

274.2K Posts

November 9th, 2016 18:00

Correct format of LDAP configuration like below, you can refer it. it is just a example.

Bind-dn: cn=administrator,cn=Users,dc=emc,dc=com

Search-Base: dc=emc,dc=com

Search-Filter: sAMAccountName={username}

LDAP-Servers: ['ldap://xxx.xxx.xxx.xxx']

User-to-dn-Rule: {username}@emc.com

Roles: ['admin:cn=test,cn=Users,dc=emc,dc=com'] ---------> the LDAP user should be under this group

Timeout: 1500

Cache-Expire: 24

CA-Cert-File: None

Anonymous

5 Practitioner

 • 

274.2K Posts

November 12th, 2016 05:00

You could use userPrincipalName but then you would need to login with "username@example" and leave the User-to-DN rule blank. Using sAMAccountName is just easier as in SHCAS example.

View More

View All

No Events found!

Top