Dell EMC Unity:How to add LDAP Users/Groups, for Unity Authentication, over GUI (User Correctable)

1. Determine the User Search Path and Group Search Path

The User Search Path is where Dell EMC Unity will look for the user login that will be used for authentication. We can get this information from Relative Distinguished Name of the User. To determine the path, pick any known user who is supposed to use LDAP authentication on the Dell EMC Unity system and run the command dsquery on Active Directory:

For example,  the user name is "Kevin Peterson"

C:\Users\ABC>dsquery user -name "Kevin Peterson"
"CN=Kevin Peterson,OU=TestUsers,DC=ourteam,DC=com"

The User Search Path here that you need to note is: OU=TestUsers,DC=MyDomain,DC=com

For Group Search Path, a similar method can be used. This is the place the group will be looked for:

C:\Users\ABC>dsquery group -name "Unity_Admins"
"CN=Unity_Admins,OU=TestGroups,DC=ourteam,DC=com"

The path name for group container is : OU=TestGroups,DC=ourteam,DC=com

Note: If you want to use users or groups from two different OUs, you can set the outer OU path if the OUs are nested or else you can set only the DC part of the path.
Setting DC part only (DC=ourteam,DC=com in above example) as the Search path will make Dell EMC Unity search in all OUs in the Domain Controller.



2. Configure the User Search Path and Group Search Path

Once the Organizational Path for the User accounts or the group is located, go to the Dell EMC Unity GUI and select the Settings icon, and then select Users and Groups > Directory Services > Advanced.
Configure the User Search Path and Group Search Path using information from Step 1, as displayed below:







You can leave other information here to defaults or change as required.
The default values are:
User ID Attribute = sAMAccountName
User Object Class = user

Group Member Attribute = member
Group Name Attribute = cn
Group Object Class = group

Apply the settings.

3. Add the new User or Group to the Unisphere Configuration:

Go to User Management (under Settings icon > Users and Groups).
Click on Add a new User (+ sign).



Choose LDAP User if you want to to add a single LDAP User Account, or LDAP Group if you want to add an existing LDAP Group.
Enter the name of the LDAP User Account ID (sAMAccountName attribute of the User) or the LDAP Group name:



Once the LDAP User or Group is entered, as shown above, select "Next".
The next Screen will ask to specify a Role for the new User / Group that is added to the configuration:



Select the "Next" button. Once you are in the Summary section, ensure that the details entered are correct, and select "Finish" to complete the Setup.

Once the above steps are completed, you will be able to use your LDAP user accounts to access the Dell EMC Unity Array.

Please note that the best practice is to use Group Names with no special characters and with fewer than 32 characters.