<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: QUESTION - Interaction between OnCommand and a LDAP server with users/groups in Active IQ Unified Manager Discussions</title>
    <link>https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/QUESTION-Interaction-between-OnCommand-and-a-LDAP-server-with-users-groups/m-p/78711#M16407</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Emanuel,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I just recently set up OnCommand 5 on a RHEL 5 x86_64 system and ran into some similar issues regarding the AD/LDAP configuration. First, make sure your OnCommand LDAP configuration matches the following screenshot (I got these settings through several other communities.netapp.com posts):&lt;/P&gt;&lt;P&gt;&lt;IMG src="http://community.netapp.com/legacyfs/online/16511_Screen+Shot+2012-08-11+at+12.48.13+PM.png" /&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Next, when you add a group to the administrative users page, you will need to specify the full LDAP path, for example:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;cn=LDAP Group Name,ou=Groups,dc=domain,dc=org&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As far as your second question goes, I have not dealt with this as I have been using the root account when working from the command line.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;-Dan&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Sat, 11 Aug 2012 18:03:44 GMT</pubDate>
    <dc:creator>dburkland</dc:creator>
    <dc:date>2012-08-11T18:03:44Z</dc:date>
    <item>
      <title>QUESTION - Interaction between OnCommand and a LDAP server with users/groups</title>
      <link>https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/QUESTION-Interaction-between-OnCommand-and-a-LDAP-server-with-users-groups/m-p/78705#M16405</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am following up on a previous discussion about establishing authentication; we got that working. But a couple of new issues have appeared and I am hoping for community feedback. We have a Linux host with a package that allows authentication through a Windows W2K8 domain.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Q1: They are authenticating using something other than "PAM" on the Linux host with Windows AD; this seems to be okay for users but not groups; groups are not showing up as contain name objects.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;When we enter a group in a full W2K8 domain we enter them as admin users as - "DOMAIN/Domain Group" name ( I think... it's been a while for me ); when we enter the AD group with just the name it seems to accept it but does not enter the group name as a container-name style as it does for individual users. Is there a specific way to add groups in this sort of configuration?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Q2: A successful admin user on the GUI ( able to make changes to the database ) does not have the same privilege on the command line; only ROOT seems to work for them.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;We have one of their admin users log into the GUI and change properties on a storage controller ( changing the default protocol from global to SSH and committing the change ). This works fine but in the command line the same user is not allowed to run DFM commands ( like dfm eventType list ); complaining user does not have READ privileges. This would be a caching issue on the host or something else. Has anyone else experienced this?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Looking for ideas ... thanks!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 05 Jun 2025 06:21:02 GMT</pubDate>
      <guid>https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/QUESTION-Interaction-between-OnCommand-and-a-LDAP-server-with-users-groups/m-p/78705#M16405</guid>
      <dc:creator>emanuel</dc:creator>
      <dc:date>2025-06-05T06:21:02Z</dc:date>
    </item>
    <item>
      <title>Re: QUESTION - Interaction between OnCommand and a LDAP server with users/groups</title>
      <link>https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/QUESTION-Interaction-between-OnCommand-and-a-LDAP-server-with-users-groups/m-p/78711#M16407</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Emanuel,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I just recently set up OnCommand 5 on a RHEL 5 x86_64 system and ran into some similar issues regarding the AD/LDAP configuration. First, make sure your OnCommand LDAP configuration matches the following screenshot (I got these settings through several other communities.netapp.com posts):&lt;/P&gt;&lt;P&gt;&lt;IMG src="http://community.netapp.com/legacyfs/online/16511_Screen+Shot+2012-08-11+at+12.48.13+PM.png" /&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Next, when you add a group to the administrative users page, you will need to specify the full LDAP path, for example:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;cn=LDAP Group Name,ou=Groups,dc=domain,dc=org&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As far as your second question goes, I have not dealt with this as I have been using the root account when working from the command line.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;-Dan&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 11 Aug 2012 18:03:44 GMT</pubDate>
      <guid>https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/QUESTION-Interaction-between-OnCommand-and-a-LDAP-server-with-users-groups/m-p/78711#M16407</guid>
      <dc:creator>dburkland</dc:creator>
      <dc:date>2012-08-11T18:03:44Z</dc:date>
    </item>
  </channel>
</rss>

