Re: LDAP Configuration

I have 2 things going on here.

1. I need to configure LDAP for 8.2 ONTAP.

2. I need to configure LDAP for 9.3 ONTAP.

The commands for security login create I'm sure will work for 9.3, but they don't seem to be working for 8.2.

Re: LDAP Configuration

Keep in mind when I log into the CLI for 8.2 I use "root". Never have I been able to log in as "admin". Could that be the reason I don't see the correct commands?

How do I see and/or change the "admin" password if so, because I have no clue what it is, that was before my time when this cluster was set up.

Re: LDAP Configuration

Omg...that's 7-mode...lol. Last version of the 7-mode ONTAP.

Re: LDAP Configuration

Yes, it's this nasty 7-mode crap.

Last question (hopefully) can I do RBAC with one Admin LDAP group and another Read-Only LDAP group?

Re: LDAP Configuration

Actually, for those reading, I believe this link is what I needed - https://library.netapp.com/ecmdocs/ECMP12405921/html/GUID-EC9F41A7-32D8-4A56-979A-8D11E107EBB8.html

Re: LDAP Configuration

Well I got it running configured but still can't log in with AD accounts..

I think the "options ldap.name" is the problem.

Using this article I don't really see the syntax to add Base DN, OU, etc...The command above should work but the example is vague on how to configure.

sdpn1nfs005> options ldap
ldap.ADdomain
ldap.base
ldap.base.group
ldap.base.netgroup
ldap.base.passwd
ldap.enable on
ldap.fast_timeout.enable on
ldap.minimum_bind_level anonymous
ldap.name cn=LAxxxxxxx, o=xxxxxxx
ldap.nssmap.attribute.gecos gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd ******
ldap.port 636
ldap.retry_delay 120
ldap.servers ldap.xxx.xxxxxx.com
ldap.servers.preferred
ldap.ssl.enable off
ldap.timeout 20
ldap.usermap.attribute.unixaccount unixaccount
ldap.usermap.attribute.windowsaccount windowsaccount
ldap.usermap.base
ldap.usermap.enable off
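
An added example, not part of any post in this thread and not NetApp tooling: a small Python check that parses `options ldap` output like the listing above and reports settings that contradict each other. The rules are assumptions based on general LDAP conventions (636 is the LDAPS port, a simple bind without SSL sends the password unencrypted) and on the option names shown in the listing; the sample input is constructed with placeholder values.

```python
"""Lint 7-mode `options ldap` output for settings that contradict each other.
Added example; the rules are assumptions from general LDAP conventions."""

# Constructed sample shaped like the listing in the post (placeholder values).
SAMPLE = """\
filer> options ldap
ldap.ADdomain
ldap.base
ldap.enable on
ldap.minimum_bind_level anonymous
ldap.name cn=EXAMPLE, o=EXAMPLE
ldap.port 636
ldap.servers ldap.example.com
ldap.ssl.enable off
"""

def parse_options(text):
    """Return {option: value}; options printed without a value map to ''."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("ldap."):
            continue  # skip the prompt line and anything that is not an option
        name, _, value = line.partition(" ")
        opts[name] = value.strip()
    return opts

def lint(opts):
    """Return findings (strings) for inconsistent or weak LDAP client settings."""
    findings = []
    ssl_on = opts.get("ldap.ssl.enable") == "on"
    bind_dn = opts.get("ldap.name", "")
    if opts.get("ldap.port") == "636" and not ssl_on:
        findings.append("ldap.port is 636 (LDAPS) but ldap.ssl.enable is off")
    if bind_dn and not ssl_on:
        findings.append("SSL is off: a simple bind as ldap.name sends the password unencrypted")
    if not opts.get("ldap.base"):
        findings.append("ldap.base is empty: no search base DN is configured")
    if bind_dn and opts.get("ldap.minimum_bind_level") == "anonymous":
        findings.append("ldap.minimum_bind_level is anonymous although a bind DN is set")
    if not opts.get("ldap.servers") and not opts.get("ldap.ADdomain"):
        findings.append("neither ldap.servers nor ldap.ADdomain is set")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_options(SAMPLE)):
        print("WARN:", finding)
```

Paste the real `options ldap` output in place of `SAMPLE`; an empty result means none of these particular conflicts is present, not that authentication will succeed.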

Re: LDAP Configuration

I appreciate everyone's help.

I was trying to avoid opening a ticket with NetApp but it looks like I should do that and work this until resolution.

Thanks everyone!!

Re: LDAP Configuration

Actually, I just remembered these are probably no longer under warranty. Ugghhh

Does anyone just have the down and dirty steps on how to configure LDAP in 7-mode?

I have been sent a ton of documents and they all look different. Different steps etc. and none seem to work. I don't want to do anything on my 9.x nodes until I can get at the very least this 7-mode working.

Re: LDAP Configuration

I don't have Data ONTAP 7-mode 8.2, hence I cannot really test your environment or even compare it with any existing LDAP-based setup.

We are trying our best to give you some direction with the help of KBs, and while you are trying your best, we hope some users/experts who know it by heart will chip in:

This triage is a very well written step-by-step procedure to identify the shortcomings:

How to diagnose problems with Storage Controller LDAP Authentication (7-mode)
https://kb.netapp.com/app/answers/answer_view/a_id/1030198/~/how-to-diagnose-problems-with-storage-controller-ldap-authentication-

Question to you: Is it an AD-based LDAP or non-AD-based LDAP?

Non-Active Directory LDAP services cannot replace Active Directory for CIFS authentication on the Storage Controller. LDAP Service configuration on the Storage Controller is only used for mapping between protocols and for UNIX style service.

How to configure LDAP on a filer (7-mode) to connect to Microsoft's Active Directory LDAP implementation
https://kb.netapp.com/app/answers/answer_view/a_id/1029874/~/how-to-configure-ldap-on-a-filer-to-connect-to-microsoft%26apos%3Bs-active
