Hi All,
I have set up a couple of OnCommand servers to integrate with Windows AD for authentication.
I used this NetApp Knowledge-base entry as my starting point:
1011398: How to configure OnCommand Unified Manager (Operations Manager) on Linux for authentication with Microsoft Active Directory
The OnCommand servers are versions 5.2.1 (for 7-mode) and 6.2rc1 (for CDOT) respectively.
Authentication of individual user accounts is working perfectly on both systems. But I cannot seem to get group based authentication to work ...
On version 5.2.1 doing a "ldap find" returns this error:
linux:~ 22.05 15:07:00$ dfm ldap find Storage-Admin-Groupname
Error: Searched under 'OU= ... ,' but didn't find administrator or group 'Storage-Admin-Groupname.'
If 'Storage-Admin-Groupname' exists, one or more of these settings may be wrong: ldapBaseDN, ldapUID, ldapGID, ldapUGID, ldapMember. Templates can set all but ldapBaseDN to values that are probably compatible with your server.
If I go ahead and add the group anyway, I get:
linux:~ 22.05 15:53:07$ dfm user add Storage-Admin-Groupname
Warning: Storage-Admin-Groupname does not exist in the administrator database(s), so login is disabled for this administrator. Added administrator Storage-Admin-Groupname.
Doing a test operation via the version 6.2 Web UI returns a similar error. (Not surprisingly, since both systems are using the same settings.)
Any tips on why this might not work, or suggestions on how to fix it?
I assume that doing "dfm find group" like this should work?
The (obfuscated) dfm options are as follows:
ldapBaseDN    OU=AdminUsers,OU=GlobalResources,OU=xxx,DC=yyy,DC=zzz,DC=xyz
ldapBindDN    oc-auth-account
ldapBindPass  ********
ldapEnabled   Yes
ldapGID       memberOf
ldapMember    member
ldapUGID      CN
ldapUID       sAMAccountName
ldapVersion   3
Thanks in advance for your help!
Cheers, Robb.
Are those groups in the same OU as the users?
Maybe change your ldapBaseDN to "DC=yyy,DC=zzz,DC=xyz"?
On 5/22/15, 10:44 AM, "Robb W." toaster@y42.net wrote:
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
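An added example, not part of the thread: a small offline model of the base-DN scoping question raised in the reply, showing how a group that lives outside ldapBaseDN is invisible to a lookup while user lookups still succeed. It assumes the lookup is a subtree search rooted at ldapBaseDN; the OU=Groups location of the group, the sample user and all function names are hypothetical.

```python
import re

RDN_SPLIT = re.compile(r'(?<!\\),')  # split on commas that are not backslash-escaped

def parse_dn(dn):
    """Split a DN into case-normalized (attribute, value) RDN pairs."""
    rdns = []
    for part in RDN_SPLIT.split(dn):
        attr, _, value = part.strip().partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn (LDAP subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def find(entries, base_dn, attr, value):
    """DNs under base_dn whose attribute equals value, case-insensitively."""
    return [dn for dn, attrs in entries.items()
            if in_subtree(dn, base_dn)
            and attrs.get(attr, '').lower() == value.lower()]

def common_base(dns):
    """Narrowest base DN whose subtree contains every DN in dns."""
    parsed = [parse_dn(d)[::-1] for d in dns]  # root-first order
    depth = 0
    for level in zip(*parsed):
        if len(set(level)) != 1:
            break
        depth += 1
    original = [p.strip() for p in RDN_SPLIT.split(dns[0])]
    return ','.join(original[len(original) - depth:])

# Constructed sample data. BASE is the obfuscated ldapBaseDN from the post;
# the OU=Groups location of the group is a hypothetical assumption.
ROOT = 'OU=GlobalResources,OU=xxx,DC=yyy,DC=zzz,DC=xyz'
BASE = 'OU=AdminUsers,' + ROOT
USER_DN = 'CN=Some Admin,' + BASE
GROUP_DN = 'CN=Storage-Admin-Groupname,OU=Groups,' + ROOT
DIRECTORY = {
    USER_DN: {'sAMAccountName': 'someadmin', 'memberOf': GROUP_DN},
    GROUP_DN: {'CN': 'Storage-Admin-Groupname', 'member': USER_DN},
}

if __name__ == '__main__':
    print('user under BASE: ', find(DIRECTORY, BASE, 'sAMAccountName', 'someadmin'))
    print('group under BASE:', find(DIRECTORY, BASE, 'CN', 'Storage-Admin-Groupname'))
    wider = common_base([USER_DN, GROUP_DN])
    print('common base:     ', wider)
    print('group under it:  ', find(DIRECTORY, wider, 'CN', 'Storage-Admin-Groupname'))
```

A base at the common ancestor covers both the users and the group while keeping the search narrower than the domain root.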