AD Integration

bobpace
New Member

AD Integration

I tried this in the technical forum and got zero response. Hi, I have a customer with a C7000 chassis and an OA running firmware 2.25. They are trying to authenticate using LDAP. We used the process outlined in the user guide to set this up. I got the following message from them (I removed the actual server names).

-----------------------------
I actually got past the issue by dumping my temporary internet files. I now see the test tab, etc. We are still having issues running the LDAP test even though the certificate has been loaded again. We've tested the cert by loading it in to another SSL application and it connects without any problems. See error below.

Directory Tests

Test Description                  Status
Overall Test Status               Failed
Ping Directory Server             Passed
Directory Server IP Address       Not Run
Directory Server DNS Name         Passed
Connect to Directory Server       Passed
Connect using SSL                 Failed
Certificate of Directory Server   Not Run
User Authentication               Not Run
User Authorization                Not Run

Test Log
Initiating Directory Settings diagnostic for server xxxx.xxxx.xxxx.xxxxx
Directory Server address xxxxx.xxxx.xxxx.xxx resolved to 10.26.1.51
Unable to establish SSL connection with directory server. You may need to install a certificate for your server to allow SSL connections.
-------------------------------------------

Any ideas on how to troubleshoot this?
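The OA test above gets as far as "Connect to Directory Server: Passed" and then fails at "Connect using SSL", with the OA suggesting a certificate problem. Two things are worth confirming outside the OA before reloading certificates again: that the CA certificate loaded into the OA really is the issuer of the certificate the domain controller presents on port 636, and that the server name configured in Directory Settings matches a name in that certificate. The script below is an added example, not part of this thread or HP's own tooling; it uses only the openssl CLI. The fetch function talks to a real server, while the demo at the bottom builds a throwaway, constructed CA and server certificate (the name dc1.example.test is made up) so the checks can be exercised offline, including the two failure cases that produce exactly this kind of SSL-stage failure: a loaded CA that did not issue the server certificate, and a configured name that the certificate does not cover.

```shell
#!/bin/sh
# Added example (not from the forum thread): check the CA certificate an OA
# has loaded against what the directory server actually presents on LDAPS.
# Requires the openssl command-line tool.

# Pull the certificate chain a directory server presents on port 636 into a
# PEM file. $1 = server name as configured on the OA, $2 = output file.
# This needs network access, so the offline demo below does not call it.
fetch_ldaps_chain() {
    host=$1; out=$2
    openssl s_client -connect "$host:636" -servername "$host" -showcerts </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$out"
    [ -s "$out" ]
}

# Verify a server certificate against the CA file that was loaded into the
# OA AND check that the configured server name matches the certificate.
# Returns 0 only when both pass; this is the same pair of checks a TLS
# client performs before the "Connect using SSL" step can succeed.
# $1 = CA PEM, $2 = server certificate PEM, $3 = configured server name.
check_ldaps_cert() {
    ca=$1; server=$2; host=$3
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$server" >/dev/null 2>&1
}

# Constructed demo PKI so the check can run offline: a throwaway CA, a server
# certificate for a made-up DC name, and an unrelated second CA that stands in
# for "a certificate was loaded, but not the right one". $1 = dir, $2 = name.
make_demo_pki() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1
    # Put the name in a SAN, which is what hostname checking looks at first.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.cnf"
    openssl x509 -req -days 1 -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/san.cnf" -out "$dir/srv.pem" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Some Other CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
DEMO_HOST=dc1.example.test   # constructed name, not the poster's server
make_demo_pki "$DEMO_DIR" "$DEMO_HOST"

# Expected: the first check passes, the next two fail the way the OA test does.
if check_ldaps_cert "$DEMO_DIR/ca.pem" "$DEMO_DIR/srv.pem" "$DEMO_HOST"; then
    echo "loaded CA issued the server cert and the name matches: OK"
fi
if ! check_ldaps_cert "$DEMO_DIR/other.pem" "$DEMO_DIR/srv.pem" "$DEMO_HOST"; then
    echo "wrong CA loaded: SSL connection would fail"
fi
if ! check_ldaps_cert "$DEMO_DIR/ca.pem" "$DEMO_DIR/srv.pem" "wrong.example.test"; then
    echo "configured name not in certificate: SSL connection would fail"
fi
```

Against a real server you would run `fetch_ldaps_chain <name configured on the OA> chain.pem` and then `check_ldaps_cert <CA file you loaded into the OA> chain.pem <that same name>`; if the second step fails, either the loaded certificate is not the issuer of the DC's LDAPS certificate (often a subordinate issuing CA rather than the root) or the name the OA resolves does not appear in the certificate, and no amount of reloading the same file will change the OA result.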
Calvin Staples
Frequent Advisor

AD Integration

I have the LDAP working fine with my OAs. I am running versions 2.13 & 2.25.

On the "Directory Settings":
> IP address of my primary domain controller.
> Search context for where my groups are located, as follows: OU=Special Accounts,DC=XXX,DC=XXX
> Check the box for "Use NT Account Name Mapping (DOMAIN\username)"

On the "Directory groups" (I use two):
> Enter the name of the group used for Administrators, select the "Privilege Level" for Administrators and check the boxes you wish them to administer.
> Enter the name of the group used for Operators, select the "Privilege Level" for Operators and check the box(es) you wish them to operate on.

Users should be able to use their login names (the current version also allows the display name to be used). This works great for me.

The Virtual Connect is another story. I have it working for VC Firmware 1.24 and 1.31. Everything is the same as for the OA except that you have to use the Display Name to log in with. I have a request in to correct that and allow the actual SAM Account Name (user ID), which should be allowed.

Hope this helps,
Cal Staples
Neal Bowman
Respected Contributor

AD Integration

I have LDAP integration working with both OA and VC. In OA, I am able to point to my actual domain name, and not an individual IP address. I had to set the context search settings to point to different OUs in AD in order to find the user account that is a member of one of the assigned groups. I do not place the groups and users in the same OU, and do not search the contexts where the groups reside. I log in with the samAccountName, not the display name, and have not checked NT Account Mapping.

For VC, I set up the same search contexts, but had to use the IP address instead of the domain name. I use different groups for VC than for OA. Again, I do not enable NT Account Mapping, and log in only with the samAccountName.

I have set this up on OA versions 2.20, 2.25, and 2.35; VC versions 1.21, 1.31, and 2.00.

Hope this helps,
Neal