Active IQ Unified Manager Discussions
Dear NetApp Community members,
I am looking for a solution to be able to configure DFM 4.02 (Linux version)
for service account integration for an Active Directory forest,
and web authentication with a Windows account.
I think the DFM 4.02 LDAP should be the solution; however, I'm not able to configure it.
Regards,
CGA
Hi Christophe,
To configure LDAP, please configure the following DFM options by using the dfm option set command:
1. dfm option set
ldapBaseDN ou=site,dc=local,dc=xxxxx,dc=com
ldapBindDN <your-username>
ldapBindPass <your-password>
ldapEnabled Yes
ldapGID (depends on your directory structure)
ldapMember (depends on your directory structure)
ldapUGID CN (Not required)
ldapUID (depends on your directory structure)
ldapVersion 3
2. Use dfm ldap add command to add ldap server.
SYNOPSIS
dfm ldap add [-P <default-port>] <address>[:<port>] ...
3. Use dfm user add to add user & check dfm user list to verify if your user is displayed by its DN.
Eg:
# dfm user add abcd
Added administrator abcd.
# dfm user list
Id Administrator Email Pager
----- ---------------------- ------------------------ ------------------------
53139 CN=xyz\, abcd,OU=User,OU=RRT,OU=site,DC=local,DC=xxxxx,DC=com
4. You can add AD groups too as user & assign them sufficient RBAC roles.
Eg:
# dfm user add 'CN=X,OU=X,OU=Group,OU=HQ,OU=Site,DC=local,DC=xxxxx,DC=com'
Thanks & Regards,
Fahad
In my case the ldap configuration:
Dear all,
The solution is here: https://kb.netapp.com/support/index?page=content&id=1011398
dfm options set ldapBaseDN=DC=my_sub_domain,DC=domain,DC=com
dfm options set ldapBindDN=user_1
dfm options set ldapUGID=CN
dfm options set ldapUID=sAMAccountName
dfm options set ldapMember=member
dfm options set ldapBindPass=********
dfm options set ldapEnabled=Yes
ldapBaseDN DC=my_sub_domain,DC=domain,DC=com
ldapBindDN useraccount
ldapBindPass ********
ldapEnabled Yes
ldapGID memberOf
ldapMember member
ldapUGID CN
ldapUID sAMAccountName
ldapVersion 3
dfm ldap find 'user_1_name'
Username Full Name
------------ ----------------------------------------------------------------
user_1_name CN=Genevois Christophe,OU=Users,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com
dfm user add 'CN=Genevois Christophe,OU=Users,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com'
Added administrator CN=Genevois Christophe,OU=Users,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com.
dfm role list
Role Id Role Name                 Description
------- ------------------------- -------------------------------------------
2       GlobalRead                View information in DataFabric Manager
3       GlobalQuota               View user quota reports and events
4       GlobalWrite               View and modify information in DataFabri...
5       GlobalDelete              View, modify and delete information in D...
6       GlobalBackup              Create and manage backups
7       GlobalRestore             Perform restore operations from backups
8       GlobalMirror              Manage replication and failover policies
9       GlobalSAN                 Create, expand and destroy LUNs
10      GlobalSRM                 View SRM path walk information
12      GlobalEvent               Manage events
13      GlobalExecute             Execute commands on storage system
14      GlobalConfigManagement    Manage appliance configuration
15      GlobalDataSet             Manage datasets
16      GlobalDataProtection      Manage backup and datasets
17      GlobalFullControl         Manage everything in DataFabric Manager
61304   GlobalPerfManagement      Manage Performance Advisor
61305   GlobalReport              Manage custom reports and report schedules
61306   GlobalSDStorage           Manage storage with SnapDrive
61307   GlobalSDConfig            Manage SnapDrive configurations
61308   GlobalSDSnapshot          Manage snapshots with SnapDrive
61309   GlobalSDDataProtection    Manage backups and datasets with SnapDrive
61310   GlobalSDFullControl       Full use of SnapDrive
61311   GlobalSDDataProtectionAndRestore Perform backup and restore operations wi...
61312   GlobalResourceControl     Active Management of Storage Resources
61313   GlobalProvisioning        Provisioning of Datasets
61314   GlobalFailover            Manage disaster recovery for datasets
65347   STORAGE View & Report     STORAGE View and Report
95790   GlobalAlarm               Manage alarms
144606  GlobalPerfThreshTemplate  Manage performance threshold templates
144607  GlobalStorageService      Manage storage services
dfm user role add user_ID role_ID role_id
dfm user role add 271962 17 16
Set 2 roles for administrator 271962.
dfm user modify [ -e <email> ] [ -P <pager> ] [ -r <role-name> ( -r <role-name> ... ) ] <administrator-name> ...
dfm user modify -e my@netapp.com.test 271962
Updated adminEmailAddress for 271962.
dfm user list
271962 CN=Genevois Christophe,OU=System Accounts,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com my@netapp.com.test
271967 CN=user_2,OU=System Accounts,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com
271966 CN=user_3,OU=System Accounts,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com
271963 CN=user_4,OU=System Accounts,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com
271965 CN=group_1,OU=Distribution Lists,OU=My_OU,DC=My_SubDomain,DC=My_Domain,DC=com SPFRSANAdmin@.My_Domain.com
If the CN contains any / or \ character, and you do not want to change the CN, it's possible to add an AD group which contains the user account.
It's working fine, for group and user.
Regards
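
Added example (not part of the original posts, and not NetApp code): the dfm user list output earlier in the thread shows a CN with an escaped comma (CN=xyz\, abcd), and the post above concerns CNs containing / or \. This Python sketch escapes a CN per RFC 4514, splits a DN on unescaped commas, and shell-quotes the result for dfm user add. The function names and the sample values are assumptions made for illustration.

```python
import shlex

# RFC 4514: these must be backslash-escaped anywhere in an attribute value.
# "/" is not in the set; it needs no escaping in the string form of a DN.
SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value):
    """Escape one attribute value (for example a CN) for use inside a DN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns

def build_dn(cn, container):
    """Join a raw CN to an already well-formed container DN."""
    return "CN=" + escape_rdn_value(cn) + "," + container

def dfm_user_add_command(dn):
    """Quote the DN so the shell passes backslashes and spaces through intact."""
    return "dfm user add " + shlex.quote(dn)

if __name__ == "__main__":
    # Constructed sample, modelled on the placeholder DN in the thread.
    dn = build_dn("xyz, abcd", "OU=User,OU=RRT,OU=site,DC=local,DC=xxxxx,DC=com")
    print(split_dn(dn))
    print(dfm_user_add_command(dn))
```

Single-quoting the DN matters because an unquoted backslash or space would be consumed by the shell before dfm sees it.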