- Community Home
- >
- Software
- >
- HPE OneView
- >
- AD Authentication
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-22-2014 08:43 AM
10-22-2014 08:43 AM
I have sucessfully configured the appliance to connect to our AD but then cannot login to the appliance or add a domain group using AD credentials. I'm using the appliance in trial mode until my licenses come in. Is this as limitation of the trial license mode?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-22-2014 08:46 PM
10-22-2014 08:46 PM
Re: AD Authentication
Hello, and welcome to the HP OneView Community forums.
AD/LDAP authentication is not a licenseable feature to HP OneView, which means a trial license or purchased license would have no impact on the feature.
Remember, OneView only supports Cononical Name (CN) account names for Active Directory. Did you use the same account you used to configure AD in the appliance when you tried to add a Directory Group?
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 08:22 AM
10-23-2014 08:22 AM
Re: AD Authentication
I did use the same account. That's the puzzling part. The configuration to AD was sucessful but then I can't use that same AD account to login to the VM or connect to AD and add a CN group.
I have also started over and rebuilt the VM from a new import with the same result. I have opened a case with HP Support so maybe they can help figure this out.
Thanks for your reply. I will update this post with any helpful solution to this problem.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 08:30 AM
10-23-2014 08:30 AM
Re: AD Authentication
Is the user account you used in the Search Context(OU container) you provided? Please note that the AD/LDAP implementation does not support Subtree search yet, and you must specify the OU where your user account and groups are located. You can add up to 4 Search Contexts. E.g.: OU=users,OU=corp,dc=domain,dc=com+OU=groups,OU=corp,dc=domain,dc=com+OU=Admins,OU=corp,dc=domain,dc=com+OU=ops,OU=corp,dc=domain,dc=com
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 08:59 AM
10-23-2014 08:59 AM
Re: AD Authentication
Short answer to your question is, Yes. What I haven't done is create a computer account for the VM and put in that configuration. Do I need that part? I thought that was optional.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 11:30 AM
10-23-2014 11:30 AM
SolutionOk. I figured it out.
Looks like the User Accounts & Groups need to be in the same OU.
My users are in cn=users and my groups are in cn=groups.
The model OU=users,OU=corp,dc=domain,dc=com+OU=groups,OU=corp,dc=domain,dc=com did not work.
When i built a group (OneViewAdmins) in the same OU with the users (gary) it started working..
Ataboy to Chris Lynch, HP for pointing in this direction.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 12:18 PM
10-23-2014 12:18 PM
Re: AD Authentication
What version of the OneView appliance are you using? We introduced the multiple search contexts in the 1.05 release, and I have plenty of customers using multiple search contexts without issue. CN=Users is the default container object for User Accounts in Active Directory, but there is no CN=Groups default conatiner. If you created an OU in the root of your domain, and are using the default Users container (remember, this is not an OU), then your search context should be:
CN=users,DC=domain,DC=com+OU=groups,DC=domain,DC=com
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 12:49 PM
10-23-2014 12:49 PM
Re: AD Authentication
I'm building a new install of v1.10
I used an hasty (inaccurate) example in my thread because I didn't want to publish my AD onto this forum. You are correct the group I was looking to use was in the default container object for User Accounts in Active Directory, which as you pointed out is NOT an OU. The User account was off in a different OU container. I was concatenating the two together with the "+" and it didn't work. It started working when I created a group in the same OU where the user account was located and set that context into the configuration. I've worked with AD since 2000 and forgot that NOT an OU technicality lol
Thanks again
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-23-2014 01:12 PM
10-23-2014 01:12 PM
Re: AD Authentication
Hmmm... That certainly should not be the case. I would suggest you open a support case with (800) HPINVENT.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-29-2014 11:06 AM
10-29-2014 11:06 AM
Re: AD Authentication
I need a bit of more data from you. What version of the appliance did you deploy? You can get it from Top Level Menu -> Settings and the Appliance panel. We do have a patch coming that addresses some LDAP issues with 1.10.05.
I am an HPE employee
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP