eNAS: How to Manage Unisphere for File using Active Directory/LDAP users
Summary: This article explains how to manage Unisphere for File using Active Directory/LDAP users.
Instructions
This article describes the steps to configure LDAP to manage Unisphere for File on an eNAS using a Windows account name.
The configuration is divided into three main sections for ease of understanding and setup.
SECTION A - Lists all the configuration parameters required for LDAPS (Scenario A) or LDAP (Scenario B).
SECTION B - Validating the LDAP configuration
SECTION C - Assigning roles to the LDAP Group
Prerequisite: Consult with your AD/LDAP administrator and gather the required information mentioned below before you begin the setup for "Manage LDAP Domain."
SECTION A - Configuration Parameters based on whether you want to use LDAPS or LDAP
Scenario A - Configuration parameters required for LDAPS
- Log in to Unisphere using the eNAS Control Station's IP address.
- From under the "All Systems" drop-down, select the respective Control Station Hostname.
- Go to the Settings Tab, click "Manage LDAP Domain."
- In the "Manage LDAP Domain" window, enter the details in the required fields. A few fields are populated by default (Nest Group Level, User ID Attribute, User Name Attribute, Group Name Attribute); the remaining fields must be entered manually.
- Domain name: Enter your Windows Domain Name.
- Primary hostname or IP address of the LDAP or AD server
- Secondary hostname or IP address of the LDAP or AD server
- SSL Enabled: Check this box to use "LDAPS" and upload the necessary SSL certificates.
- SSL Primary Certificate, Upload New SSL Primary Certificate
- SSL Backup Certificate, Upload New SSL Backup Certificate
- Select the Port number as 636 for LDAPS.
- Select the Directory Service Type: Default Active Directory OR Custom Active Directory OR Other Directory Servers
NOTE: Selecting "Custom Active Directory" as the directory service type gives you the option to enter the "User and Group Search Path."
- Login name (Bind distinguished name (DN)) for the LDAP/AD server.
- Bind DN password corresponding to the Bind DN login name.
- User Search Path - Enter the user search path that you have extracted from Active Directory.
- Group Search Path - Enter the group search path that you have extracted from Active Directory.
Scenario B - Manage LDAP Domain with LDAP Configuration
- Log in to Unisphere using the eNAS Control Station's IP address.
- From under the "All Systems" drop-down, select the respective Control Station Hostname.
- Go to the Settings Tab, click "Manage LDAP Domain."
- In the "Manage LDAP Domain" window, enter the details in the required fields. A few fields are populated by default (Nest Group Level, User ID Attribute, User Name Attribute, Group Name Attribute); the remaining fields must be entered manually.
- Domain name: Enter your Windows Domain Name.
- Primary hostname or IP address of the LDAP or AD server
- Secondary hostname or IP address of the LDAP or AD server
- SSL Enabled: Clear this box to use "LDAP."
- Select the Port number as 389 for LDAP.
- Select the Directory Service Type: Default Active Directory OR Custom Active Directory OR Other Directory Servers
NOTE: Selecting "Custom Active Directory" as the directory service type gives you the option to enter the "User and Group Search Path."
- Login name (Bind distinguished name (DN)) for the LDAP/AD server.
- Bind DN password corresponding to the Bind DN login name.
- User Search Path - Enter the user search path that you have extracted from Active Directory.
- Group Search Path - Enter the group search path that you have extracted from Active Directory.
SECTION B - Validating the configuration
- The next step is to test this configuration using the "Test" button at the bottom of the "Manage LDAP Domain" window.
- The test should succeed if all the configuration details entered in the above steps are valid.
SECTION C - Assigning roles to the LDAP Group
Once the "Test" succeeds on the "Manage LDAP Domain" window, add the Windows group and assign a role to that Windows group using the steps below:
- As "Root" user, go to Settings > Security > User Customization > Groups
- Click the "Create" button, under "Group Name" enter a name for the Group.
- Select the Role that you want to assign, for example: Administrator
- Select a "Group Type"; in this case it should be "LDAP Domain Mapped Group."
- Under the "Mapped Group Name" field enter the exact name of the Windows Group that you are planning to use.
- Click "Apply" and "OK."
- Finally, to verify, log in to Unisphere, check the "Use LDAP" checkbox, enter the name and password of a Windows account that has been added to the LDAP group, and confirm access.
Additional Information
Refer to "Security Configuration Guide for VNX P/N 300-015-128 REV. 04" for further details and information.
Default Active Directory:
If the user and group paths are both CN=Users,DC=<domain component>,DC=<domain component>[,DC=<domain component>] (for example, CN=Users,DC=derbycity,DC=local), you can use the Default Active Directory option in the Unisphere Manage LDAP Domain view.
Custom Active Directory:
Users might not be in the default container (CN=Users). They may instead be located in other containers or organizational units within the directory, for example Celerra Users. In this case, you must use the Custom Active Directory option in the Unisphere Manage LDAP Domain view and manually enter the search paths.
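The Default versus Custom choice described above can be worked out before opening the "Manage LDAP Domain" window. The following is an added example, not part of the original article or of any Dell tooling: the function names are hypothetical and the sample DNs are constructed around the article's derbycity.local example. It derives the user and group search paths from the DNs supplied by the AD administrator and reports which Directory Service Type fits.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its RDN."""
    return [rdn.strip() for rdn in re.findall(r"(?:\\.|[^,\\])+", dn)]

def search_path(object_dn):
    """Container holding the object: its DN without the leftmost RDN."""
    return ",".join(split_dn(object_dn)[1:])

def choose_service_type(domain, user_dn, group_dn):
    """Return (Directory Service Type, user search path, group search path)."""
    dc_suffix = ",".join("DC=" + label for label in domain.split("."))
    default_path = "CN=Users," + dc_suffix
    user_path, group_path = search_path(user_dn), search_path(group_dn)
    for path in (user_path, group_path):
        # A path outside the configured domain means the wrong DN was copied.
        if not path.lower().endswith(dc_suffix.lower()):
            raise ValueError(f"{path!r} is not under domain {domain!r}")
    # Default applies only when BOTH paths are CN=Users under the domain.
    if user_path.lower() == group_path.lower() == default_path.lower():
        kind = "Default Active Directory"
    else:
        kind = "Custom Active Directory"
    return kind, user_path, group_path

if __name__ == "__main__":
    # Constructed sample DNs (hypothetical accounts and groups).
    samples = [
        ("CN=jdoe,CN=Users,DC=derbycity,DC=local",
         "CN=NAS Admins,CN=Users,DC=derbycity,DC=local"),
        (r"CN=Smith\, John,OU=Celerra Users,DC=derbycity,DC=local",
         "CN=NAS Admins,CN=Users,DC=derbycity,DC=local"),
    ]
    for user_dn, group_dn in samples:
        kind, user_path, group_path = choose_service_type(
            "derbycity.local", user_dn, group_dn)
        print(kind)
        print("  User Search Path: ", user_path)
        print("  Group Search Path:", group_path)
```

For a "Custom Active Directory" result, the two returned paths are the values to enter in the User Search Path and Group Search Path fields.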