Issue with OneView 3.10 and trying to add AD group

sysadmin4151 · ‎07-28-2017

I was able to add the directory itself, but fail to add a group for authentication. I have verified the group name as well as the CN. I can find the group using other ldap tools.

Any ideas?

I get one of the following errors, depending on what I input.

Unable to find the group CN=PTI - Y&Q ADF Administrator@domain1.domain2.domain3.net in the enterprise directory office.

or

Invalid search input [CN=Copy of test,CN=Definitions,CN=5.0,CN=StorageCentral SRM,CN=WQuinn,DC=domain1,DC=domain2,DC=domain3,DC=net], was provided with the input.

Which the CN listed isn't even in our domain.

I tried, the following formats;

CN=PTI - Y&Q ADF Administrator@domain1.domain2.domain3.net,OU=OU4,OU=OU3,OU=U2,OU=OU1,DC=office,DC=adroot,DC=bmogc,DC=net

CN=PTI - Y&Q ADF Administrator@domain1.domain2.domain3.net

PTI - Y&Q ADF Administrator@domain1.domain2.domain3.net

CN=PTI - Y&Q ADF Administrator,OU=OU4,OU=OU3,OU=U2,OU=OU1,DC=office,DC=adroot,DC=bmogc,DC=net

CN=PTI - Y&Q ADF Administrator,OU=OU4,OU=OU3,OU=U2,OU=OU1

None of which work.

Here is the directory settings

Directory= domain1

Directory Type = Active Directory

Base DN = DC=domain1,DC=domain2,DC=domain3,DC=net

IP or host name = domain1.domain2.domain3.net

Port: 636

sysadmin4151 · ‎07-28-2017

My theory is its the ampersand(&), I'm not sure how to make it work with the ampersand. I tried a different group without an ampersand and it worked.

ChrisLynchHPE · ‎07-31-2017

That certainly looks like a defect. The & (Aapersand) is a legal character for LDAP distinguished names. My only suggest for you is to remove the & character from your group name until we release a fix.

ChrisLynchHPE · ‎07-31-2017

Also, can you please open a support case?

ChrisLynchHPE · ‎08-23-2017

I wanted to follow up on this. We haven't been able to reproduce this issue. If you are still experiencing this issue, please open a support case, and you will need to supply an appliance Support Dump.

memogarcia · ‎06-28-2018

Hi, is there any updates on this issue? I'm having the exact same issue while connecting to OpenLDAP, the query that OneView seems to be making doesn't even matches the group I'm using

SRCH base="ou=Users,dc=acc,dc=gvp,dc=domain,dc=com" scope=2 deref=3 filter="(|(member=uid=user,ou=users,dc=acc,dc=gvp,dc=kpn,dc=org)(uniqueMember=uid=user,ou=users,dc=acc,dc=domain,dc=com))"

and my groups are:

cn=nfvi_users,dc=Groups,dc=acc,dc=gvp,dc=domain,dc=com

I'm using OneView 3.10.04-0299553

And I'm missing something on the configuration maybe?

Edit 1:

Yes, It was a misconfiguration, I did not add the ou=groups to my OneView configuration. but now I have another question.

Is OneView always making not-bind queries to OpenLDAP? some other tools like SSSD allows you to make binded queries, does OneView supports this as well?