April 27th, 2012 03:00
LDAP authentication on V-Plex
Dear engineers,
The objective, which is supposed to be completed, is to configure LDAP authentication on V-Plex clusters, so that the storage administrators will be able to use their domain accounts to log in.
Unfortunately we are facing an issue with matching the right attributes between the Vplex and the AD. The VPLEX LDAP service is expecting an attribute named 'msSFU30Uidnumber'. This attribute does not exist in the current version of MS Services for Unix (SFU), because MS has changed the name to 'uidnumber'. We don't want to add "old" attributes to our AD schema, so we may need to implement a mapping table on the LDAP client of the VPLEX management servers, but so far we have been unable to find guidance on how to achieve this.
I'd appreciate your help with the following questions:
- Could you advise whether such a mapping table can be implemented, and how?
- Can you propose some other workaround for solving the objective above?
PS: Our current software versions are:
Product version: 5.0.1.01.00.05
SMSv2: D10.60.0.71.0
Mgmt server base: D4_MSB_7
Mgmt server software: D10.60.0.97
Thanks in advance!
With best wishes,
Tsetso


Tsetso
May 8th, 2012 07:00
Hello Farooq,
First of all, many thanks for your response!
We set the custom attributes as described in the CLI guide and unfortunately the authentication is still not working...
The command that we issued is as follows:
############################
VPlexcli:/> authentication directory-service configure -i 53.121.xx.xx -b "dc=emea,dc=corpds,dc=net" -m "ou=usersadministrative,ou=de,dc=emea,dc=corpds,dc=net" -n "cn=sxxxvplex01,ou=unix,dc=emea,dc=corpds,dc=net" -d 2 -p -t 1 --server-name sxxxx202.emea.corpds.net -o 389 --custom-attributes
Enter sxxxvplex01's password:*****
Set value for posixAccount attribute [User]:
Set value for posixGroup attribute [Group]:
Set value for uid attribute [msSFU30Name]: samaccountname
Set value for uidNumber attribute [msSFU30UidNumber]: uidnumber
Set value for gidNumber attribute [msSFU30GidNumber]: gidnumber
Set value for loginShell attribute [msSFU30LoginShell]: loginshell
Set value for homeDirectory attribute [msSFU30HomeDirectory]: unixhomedirectory
Connecting to authentication server (may take 3 minutes) ...
VPlexcli:/>
VPlexcli:/> authentication directory-service show
default-authentication-service: Native VPLEX
external-authentication-service: AD
ip: 53.121.xx.xx
base-dn: dc=emea,dc=corpds,dc=net
connection-type: TLS
mapped-principal: ['OU=UsersAdministrative,OU=de,DC=emea,DC=corpds,DC=net']
############################
Any other suggestions what could be wrong here? Thanks for your support!
Regards,
Tsetso
Tsetso
May 13th, 2012 23:00
Hi Farooq and all,
Yep, I can confirm that the organizational unit called "usersadministrative" has members in it. (OU name: usersadministrative\de\emea.corpds.net).
The thing that is somewhat blurry for me is: what should be the correct unix attributes and values? Could you advise me about that?
Thanks and kindest regards,
Tsetso
Tsetso
May 29th, 2012 15:00
Hi there,
Finally the LDAP problem was resolved. The issue that was causing it was the AD account of the V-plex (in the current example "cn=sxxxvplex01"). You MUST mark the AD-VPlex entry "password never expires" and from now on, it will be okay.
Thanks for your support here and I hope this post will be useful for you!
Cheers,
Tsetso
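An added example, not part of the original posts: a Python check that classifies an LDAP bind account like the one in this thread from its raw userAccountControl and pwdLastSet values and the domain's maxPwdAge, so an expiring password is noticed before authentication fails. The function names and sample values are constructed for illustration, and fine-grained password policies are not considered.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (documented Active Directory flag values)
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
NO_MAX_AGE = (0, -0x8000000000000000)  # maxPwdAge values meaning "no expiry"


def to_filetime(dt):
    """Datetime -> 100 ns ticks since 1601-01-01 UTC (the pwdLastSet format)."""
    d = dt - EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10


def from_filetime(ticks):
    """100 ns ticks since 1601-01-01 UTC -> timezone-aware datetime."""
    return EPOCH + timedelta(microseconds=ticks // 10)


def bind_account_status(uac, pwd_last_set, max_pwd_age, now, warn_days=14):
    """Return (state, expires_at) for a bind account's raw AD attribute values."""
    if uac & ACCOUNTDISABLE:
        return "disabled", None
    if uac & DONT_EXPIRE_PASSWORD:
        return "never-expires", None
    if pwd_last_set == 0:
        return "must-change", None  # password change forced at next logon
    if max_pwd_age in NO_MAX_AGE:
        return "never-expires", None  # domain policy sets no maximum age
    # maxPwdAge is a negative interval in 100 ns ticks
    expires_at = from_filetime(pwd_last_set - max_pwd_age)
    if now >= expires_at:
        return "expired", expires_at
    if now >= expires_at - timedelta(days=warn_days):
        return "expiring", expires_at
    return "ok", expires_at


if __name__ == "__main__":
    # Constructed sample: normal account (0x200), password set 2012-04-01,
    # 42-day maximum age, checked on 2012-05-08.
    utc = timezone.utc
    state, when = bind_account_status(
        0x200, to_filetime(datetime(2012, 4, 1, tzinfo=utc)),
        -42 * 86400 * 10_000_000, datetime(2012, 5, 8, tzinfo=utc))
    print(state, when.isoformat())
```

The "expiring" state gives time to rotate the bind password before authentication breaks, for sites that prefer rotation over setting "password never expires".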
SW5
October 4th, 2012 08:00
Hi,
In this example "useradministrative" is used as mapprincipal. You assumed that this is a group, not an OU. Does this mean it can be a group and need not be an OU? Documentation is only for using OU.
Thanks
Stefan