HPE OneView

Active Directory integration issue - group query issue

 
MRoushdy84
Frequent Visitor

Active Directory integration issue - group query issue

Hello,

I'm able to add Active Directory as a directory for authentication, but when I add a group, it faisl to query with the following error, and I've double checked with our AD admin that no policies are applied to restrict querieing.

 

I'm sure that I'm providing the group path in a correct format, but it seesm to be altered if I'm not mistaken, even using a domain admin account didn't fix it.

 

THank you,

 
 
 

 

8 REPLIES 8
ChrisLynch
HPE Pro

Re: Active Directory integration issue - group query issue

Hello and welcome to the HPE OneView forums.

The error message you mentioned is not within your post. Can you also please provide the version of HPE OneView you have as well?


I am an HPE employee

Accept or Kudo

MRoushdy84
Frequent Visitor

Re: Active Directory integration issue - group query issue

Hello,

I couldn't attach a screenshot. Here's the error message:

Invalid search input [OU=Server without \"Intrusion Prevention Policy\",OU=Gosi-servers,DC=Gosi,DC=ins], was provided with the input.
Provide a valid search input and try again.

 

OneView Version: 2020.01.25.00

 

Thank you,

MRoushdy84
Frequent Visitor

Re: Active Directory integration issue - group query issue

The OneView version is: 5.00.01-0410269

ChrisLynch
HPE Pro

Re: Active Directory integration issue - group query issue

You can post pictures by using the camera icon.  You have to first upload the image, then attach it to the post.

That said, this looks to be an issue with your use of the " marks in the OU name.  I tested this behavior on a 6.00 appliance in my lab and was able to reproduce this.  And this is only when you browse for the group.  As a workaround, either provide the full Distinguished Name of the group, New-OVLdapGroup PowerShell Cmdlet, or the REST API.


I am an HPE employee

Accept or Kudo

MRoushdy84
Frequent Visitor

Re: Active Directory integration issue - group query issue

here hyou go 

oneview-error.png

 

ChrisLynch
HPE Pro

Re: Active Directory integration issue - group query issue

Can you help me understand the exact steps you are taking to get to this screenshot?  If you are using an OU Distinguished Name for the BaseDN when you are adding an external authentication directory, that is incorrect.  A BaseDN is in the format of dc=sub-domain,dc=domain1,dc=top-level-domain.  An example would be dc=contoso,dc=com.

 
 

I am an HPE employee

Accept or Kudo

MRoushdy84
Frequent Visitor

Re: Active Directory integration issue - group query issue

I'm able to add a directory successfully, and the format I use is DC=domain,DC=LOCAL (for example), but when I query any group, to grant it permissions, it fails to query groups with the error I sent. I get the same error accross all of our OneView servers, and I also checked the firewall, nothing is blocked.

ChrisLynch
HPE Pro

Re: Active Directory integration issue - group query issue

The issue is with the double quote marks in the OU name.  I have been able to reproduce this.  And it only happens when browsing for the group.  We are looking at fixing this in a future OneView release.


I am an HPE employee

Accept or Kudo