BladeSystem Management Software

Onboard Administrator (OA) Configuration for openLDAP

 
chuckk281

Premchandra had a customer question regarding the Onboard Administrator working with openLDAP for security access and/or permissions:

 

*************************************

 

Hi Experts

A customer wants the Onboard Administrator to be configured to use an openLDAP server running on RHEL 5.5 Linux for authentication.

The OA user guide gives the procedure for integrating with Microsoft AD, but not with openLDAP.

 

Can you refer to any document illustrating the same please?

 

*****************************************

 

Monty had the information needed:

 

******************************************

 

The OA LDAP support is designed to support Active Directory or Novell eDirectory by searching the user account for records containing “memberOf” for groups that are configured on the OA for a match.

 

In addition, the OA LDAP searches the user records for “groupMembership” and then examines those records for groups that are configured on the OA for a match.

 

If no matching groups are found containing “memberOf” or “groupMembership”, the OA fails to find user authorization.

 

You should use the OA LDAP test (GUI or CLI command) to see the results of the steps the OA performs for LDAP troubleshooting. 

  • Passing authentication means the OA successfully logged into the LDAP server using the user-supplied credentials
  • Passing authorization means the OA found a group in the user account tagged with “memberOf” or “groupMembership” that matches a configured OA LDAP group

 

The OA LDAP does not support UID, nor will it search the entire LDAP group list to find which users are members.

 

******************************************

 

Good explanation. Are you using LDAP for authentication? Let us know your experiences.
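
The authorization step Monty describes can be modelled in a few lines. This is an added example, not HP's code or anything from the original post; the entries, DNs, group names and the case-insensitive DN comparison are constructed assumptions. It shows why a directory that records membership only on the group entry (for example posixGroup with memberUid) fails OA authorization even when authentication passes.

```python
# Added example: models the authorization step described in the post.
# All entries, DNs and the matching rule are constructed assumptions.
MEMBERSHIP_ATTRS = ("memberof", "groupmembership")  # compared case-insensitively


def norm_dn(dn):
    # Assumption: DNs match case-insensitively, ignoring spaces after commas.
    return ",".join(part.strip().lower() for part in dn.split(","))


def matched_groups(user_entry, oa_groups):
    """Configured OA groups that appear in the user's own membership attributes."""
    wanted = {norm_dn(g): g for g in oa_groups}
    found = []
    for attr, values in user_entry.items():
        if attr.lower() not in MEMBERSHIP_ATTRS:
            continue
        for value in values:
            group = wanted.get(norm_dn(value))
            if group and group not in found:
                found.append(group)
    return found


def diagnose(user_entry, oa_groups):
    """Explain the authorization outcome the way a troubleshooter would read it."""
    has_attr = any(a.lower() in MEMBERSHIP_ATTRS for a in user_entry)
    if not has_attr:
        return "fail: user record has no memberOf/groupMembership attribute"
    if not matched_groups(user_entry, oa_groups):
        return "fail: membership listed, but no configured OA group matches"
    return "pass"


OA_GROUPS = ["cn=oa-admins,ou=groups,dc=example,dc=com"]

# Constructed sample entries.
AD_USER = {"cn": ["alice"], "memberOf": ["CN=oa-admins,OU=Groups,DC=example,DC=com"]}
EDIR_USER = {"cn": ["bob"], "groupMembership": ["cn=oa-admins,ou=groups,dc=example,dc=com"]}
OTHER_USER = {"cn": ["dave"], "memberOf": ["cn=helpdesk,ou=groups,dc=example,dc=com"]}
# posixGroup layout: membership lives on the group entry (memberUid), not on the user.
POSIX_USER = {"uid": ["carol"], "objectClass": ["posixAccount"]}
POSIX_GROUP = {"cn": ["oa-admins"], "objectClass": ["posixGroup"], "memberUid": ["carol"]}

if __name__ == "__main__":
    for name, entry in [("AD", AD_USER), ("eDirectory", EDIR_USER),
                        ("other group", OTHER_USER), ("posixGroup", POSIX_USER)]:
        print(f"{name:12} {diagnose(entry, OA_GROUPS)}")
```

POSIX_GROUP is never consulted, which mirrors the statement that the OA will not search the group list to find which users are members.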