HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

Struggling with AD authentiction

SOLVED
Go to solution

Struggling with AD authentiction

Hi all!

 

I am struggling with AD authentication to work in OneView. I have version 1.10.05 (latest) and can not get it to work with AD integration.

All the users that have Admin rights to OneView is in this group: OneView Admin and context to this group is:

OU=Groups,OU=NET,DC=Company,DC=SE

 

In the "Add Directory" screen I have just a description in the first field. Correct??

 

Directory Type is "Active Directory"

 

Search Context is:

First Field: CN (nothing more than CN. Should it be?? or should it be CN=OneView Admin)

Second Field: OU=Groups,OU=NET

Third Field: DC=Company,DC=SE

I have checked that the group I want to give authority to log is in OU=Groups

 

Credential:

I have use a Domain Admin. Should it be just username or domain\username or shold the user exist in the above search context?

 

For me that have to work with HPSIM this is a very complex integration. More example in the help text are needed

 

BR

/Mikael Christenson

 

Micke_Christenson
4 REPLIES
ChrisLynchHPE
Neighborhood Moderator
Solution

Re: Struggling with AD authentiction

Welcome to the HP OneView Communities.

 

Two things:

 

  1. The username you provided is not in the correct format.  Only CN account values are allowed.  You provided an NT Domain style account name, which is not supported.  To get the CN value, open Active Directory Users and Computer MMC console, turn on Advanced Features under Options, navigate to the user account, open the Properties, then click on Attribute Editor.  Scroll down until you get to CN, and copy the value.  You must use this AD attribute for authentication for Directory Configuration validation, Add Directory Group, and authentication at the main logon screen of the appliance.
  2. There are a number of LDAP/AD bugs introduced in the 1.10.05 patch/release.  We have a patch in testing (1.10.07) that will not only address LDAP/AD bugs, but will also introduce NtSamAccountName and UPN support for AD.

 

Unfortunately, I do not have an ETA on when the .07 patch will be released, but we are close.  Once it is released, an announcement will be made in this forum.

Re: Struggling with AD authentiction

Thanks Chris!

 

That really helped me. But do you really mean that that I have to use my CN name to logon to the appliance if I enable AD-support?

 

I really looking forward to the patch that enables NT account.

 

Thanks again

 

/Micke Ch

Micke_Christenson
ChrisLynchHPE
Neighborhood Moderator

Re: Struggling with AD authentiction

Unfortunately, you need to use the CN value of your, and other, user account.

ChrisLynchHPE
Neighborhood Moderator

Re: Struggling with AD authentiction

Just to complete the discussion in this topic, both the 1.10.07 and 1.20 releases support SamAccountName and UPN usernames for authentication.  You still provide CN as the Attribute value in the first field when configuring LDAP/Active Directory authentication on the appliance.