2013-09-10 12:23 AM
I have downloaded the OVF and implemented the OCUM6.0RC1 to try it with our new Ontap 8.2 cluster mode. However, I am facing an issue with the authentication setup and the information is quite limited. I filed a case with Netapp and it took so long to reply, and it has been 5 days since the last reply.
We are trying to configure the authentication using "Others" option.
So far, "Bind Distinguished Name", "Bind Password", "Base Distinguished Name" and "Protocol version" have been identified. The Windows admin and I are uncertain of the rest of the info needed:
1. "User Name Attribute"
2. "Group Membership Attribute"
Any idea for the 4 columns that I need to fill in? It would be great if you have any sample for me as reference. I am using LDS authentication.
2013-09-10 05:51 PM
Adding to Kevin's response, I’ve tried the following settings with an AD server and it seems to work fine. I was also able to add an AD user and log in using the same.
Thanks and regards
2013-09-10 10:42 PM
LDS is the Microsoft Lightweight Directory Services. We are trying to use LDS instead of normal LDAP.
Here is the entry that I have. I have substituted my company domain with mycomp.
Bind distinguished name : CN=oncommand-ldap,OU=Service Accounts,DC=compDev,DC=Corp,DC=mycomp,DC=COM
Base distinguished name : OU=Oncommand,OU=compAuth,OU=Web Internal,OU=Applications,DC=compDev,DC=Corp,DC=mycomp,DC=COM
Thank you so much guys, you guys are responding much faster than the Germany support.
2013-09-11 01:36 AM
It looks like I have no luck with LDS authentication in OCUM6.0RC1. Our Windows admin (thanks Gabor, I know you are reading my comment) just identified the root cause. Below is the comment from him:
Query from OCUM
OCUM is searching for objectclass=user
In LDS the objectclass is userproxyfull
We might want to think of how to create group user access in LDAP, or perhaps the Netapp OCUM team could have an LDS option in RC2?
2013-09-11 11:41 AM
The bind distinguished name I used was "CN=administrator,CN=users,DC=air,DC=com". (Base distinguished name: DC=air,DC=com)
Looks like you're trying to add some kind of a service account, can you try adding a regular user and see if that works?
Something like this: ...
bind distinguished name: CN=<user_name>,CN=users,DC=compdev,DC=Corp,DC=mycomp,DC=com
base distinguished name: DC=compdev,DC=Corp,DC=mycomp,DC=com
Thanks and regards
2013-09-12 06:54 AM
The authentication services that are qualified (and supported) in UM 6.0 are Active Directory and Open LDAP.
Secure LDAP and Lightweight Directory Services are not qualified nor supported.
The UM Admin Guide states this:
Enabling remote authentication
You can enable remote authentication (LDAP, Active Directory) to enable the management server to
communicate with your authentication servers and to enable users of the authentication servers to use
Unified Manager and manage the storage objects and data.