LDAP authentication on V-Plex

Question

Dear engineers, The objective, which is supposed to completed is to configure an LDAP authentication on V-Plex clusters, so the storage administrators will be able to use their domain accounts to log in. Unfortunately we are facing an issue with matching the right attributes between the Vplex and the AD. The VPLEX LDAP service is expecting an attribute named 'msSFU30Uidnumber'. This attribute does not exist in the current version of MS Services for Unix (SFU), because MS has changed the name to 'uidnumber'. We don't want to add 'old' attributes to our AD scheme, so we may need to implement a mapping table on the LDAP client of the VPLEX management Servers, but so far we are unable to find a guidance to achieve this. I'll appreciate your help the following questions: Could you give and advice if such mapping table can be implemented and how? Can you propose some other workaround for solving the objective above? PS: Our current software versions are: Product version: 5.0.1.01.00.05 SMSv2: D10.60.0.71.0 Mgmt server base: D4_MSB_7 Mgmt server software: D10.60.0.97 Thanks in advance! With best wishes, Tsetso

Tsetso · Answer

Hello Farooq,At first, many thanks for your responce! We had set the custom-attributes, as it is described in the CLI guide and unfortunately the authentication is still not working...The command that we had issued is, as follows:############################VPlexcli:/> authentication directory-service configure -i 53.121.xx.xx -b 'dc=emea,dc=corpds,dc=net' -m 'ou=usersadministrative,ou=de,dc=emea,dc=corpds,dc=net' -n 'cn=sxxxvplex01,ou=unix,dc=emea,dc=corpds,dc=net' -d 2 -p -t 1 --server-name sxxxx202.emea.corpds.net -o 389 --custom-attributesEnter sxxxvplex01's password:*****Set value for posixAccount attribute [User]:Set value for posixGroup attribute [Group]:Set value for uid attribute [msSFU30Name]: samaccountnameSet value for uidNumber attribute [msSFU30UidNumber]: uidnumberSet value for gidNumber attribute [msSFU30GidNumber]: gidnumberSet value for loginShell attribute [msSFU30LoginShell]: loginshellSet value for homeDirectory attribute [msSFU30HomeDirectory]:unixhomedirectoryConnecting to authentication server (may take 3 minutes) ... VPlexcli:/>VPlexcli:/> authentication directory-service showdefault-authentication-service: Native VPLEXexternal-authentication-service: ADip: 53.121.xx.xxbase-dn: dc=emea,dc=corpds,dc=netconnection-type: TLSmapped-principal: ['OU=UsersAdministrative,OU=de,DC=emea,DC=corpds,DC=net']############################ Any other suggestions what could be wrong here? Thanks for your support!Regards,Tsetso

Tsetso · Answer

Hi Farooq and all,

Yep, I can confirm the the Organizational unit, called "usersadministrative", has members in it. (OU name: usersadministrative\de\emea.corpds.net).

The thing, that is somehow blurry for me is: what should be the correct unix attributes and values? Could you advise me about that?

Thanks and kindest regards,

Tsetso

Tsetso · Answer

Hi there,Finally the LDAP problem was resolved. The issue, that was causing it, was that the AD account of the V-plex (In the current example 'cn=sxxxvplex01'). You MUST mark the AD-VPlex entry 'password never expires' and from now on, it would be okay. Thanks for your support here and I hope this post will be usefull for you!Cheers,Tsetso

SW5 · Answer

Hi, in this example 'useradministrative' is used as mapprincipal. You assumed that this is a group, not an ou. Does this mean, it can be a group and need not to be an OU? Documentation is only for using OU. Thanks Stefan

VPLEX

Was this post helpful?