Data Infrastructure Management Software Discussions

Re: LDAP Configuration

I have all of my SVM's joined to AD but they are not setup for LDAP. 

 

I simply want users to be able to login into the storage array "sysmgr" and that's it. I don't want LDAP "per" SVM, only at the cluster. 

 

Sp the stpoes you mentioned wouldn't apply to me.  The point of LDAP is using Security Groups, not individual users and that's what the commandyou provided seems to do.

Re: LDAP Configuration

Yes, you can simply use Cluster (Admin) SVM, instead of data SVM.

 

Regarding ns-switch, it is simply telling SVM to follow the order in which it should lookup for group/host/passwd infomration.

::*> vserver services name-service ns-switch show -vserver ClusterSVMname
Source
Vserver Database Order
--------------- ------------ ---------
ClusterSVMname hosts files,dns
ClusterSVMname group ldap,files
ClusterSVMname passwd ldap,files

Re: LDAP Configuration

"security login create" works fine with AD groups. Including the cluster level / admin SVM.
Try to do what I suggested and let us know if you get stuck.

Re: LDAP Configuration

Well, I'm trying to run it but on my 8.2 I can't get into advanced mode by running "set -privilege advanced". Which is weird.

Re: LDAP Configuration

Nevermind I got it in advanced mode. Now let's see if all the rest works.

Re: LDAP Configuration

Smiley Happy ...it even takes shortcut , for example :

::> set adv

Warning: These advanced commands are potentially dangerous; use them only when
directed to do so by NetApp personnel.
Do you want to continue? {y|n}:

Re: LDAP Configuration

Well, I can't find the admin vserver. The "vserver show" command seems to not exist. So I'm stuck there actually. This 8.x is extermely differnt from 9.x and most of the documentation online for 8.x commands don't really work which is odd.

Re: LDAP Configuration

vserver show should be there.

 

https://library.netapp.com/ecmdocs/ECMP1511539/html/vserver/show.html

 

Is it possible for you to show us the screenshot.

 

admin vserver is simply your 'cluster_name'.   We call it vserver 'type' as 'Admin'.

Re: LDAP Configuration

In 8.2 you need to designate on of data  SVM as authentication tunnel.

 

https://library.netapp.com/ecmdocs/ECMP1610202/html/security/login/domain-tunnel/create.html

 

Re: LDAP Configuration

here is the screenshot.

 

2019-10-02_9-02-55.png

Forums