12-18-2008 06:08 AM
I have read a few threads here, for example this: http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1277300
but cannot seem to get everything in order.
What happens is that when I run the LDAP tests I get a status of authentication = success but authorization = failed.
In addition I can use HP SIM as single sign-on and get logged in with my AD-key, but that's not completely what I want.
So obviously I have the servers in place and these settings correctly configured, but I am missing something in regards to actual access.
So, what should I actually put into each field? I am not sure, after reading the manual ( http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00705292/c00705292.pdf ), what should actually be in each field.
Here's what I have:
Directory Server address: myserver.mydomain.net
Directory Server SSL Port: 636
Search Context 1: OU=My OU,CN=Admin,CN=MainOU,DC=mydomain,DC=net
This is my first question: should the search context point to the path where the USER is or the path where the GROUP in which the user is a member is?
And in which case should CN= be used or OU= be used? Is CN= only for users or groups and OU= for OUs? (As you can guess I am more comfortable with the ILO authentication settings and config syntax... :-))
Additionally I have enabled the "Use NT Account Name Mapping (DOMAIN\username)" setting; is this only for easy login or for account lookup as well?
On top of this I have added two domain groups, using their AD names, and granted the groups Administrator access, and I am a member of the groups.
Still I get authorization failed?
12-18-2008 07:16 AM
Re: Help configuring LDAP integration for BladeSystem OA login
http://forums11.itrc.hp.com/service/forums/categoryhome.do?categoryId=298
There are a lot more on the ILO/OA AD integration.
12-18-2008 10:59 PM
12-18-2008 11:29 PM
And for the questions about which OU to point out: you need to point to the OU where the users are, as 2.31 and down doesn't support nested groups. That's a new feature in 2.32.
ou=Users,dc=MyCompany,dc=com
12-19-2008 01:23 AM
I thought that would be related to membership in groups specified to allow access?
12-19-2008 01:24 AM
12-19-2008 07:23 AM
It should point to the group in which the user is a member.
Try the below search context:
Search Context 1: OU=My OU,OU=Admin,OU=MainOU,DC=mydomain,DC=net
If the groups are directly under Users in the domain, use CN; otherwise use OU.
12-19-2008 07:26 AM
And I've added the actual groups in that OU that I want to grant access.
But I still can't get things to work; I only get authentication success and authorization failure. So I must still be doing something wrong somewhere?
12-19-2008 07:32 AM
Don't use the test LDAP Test Page. Does it work?
12-19-2008 07:50 AM
Try the attachment; is it the same as your directory structure?
Try the search context if it matches.
01-05-2009 04:17 AM
Yes, I would say my OU structure resembles example 1, and so does my search context string, but I still can't get login to work.
01-09-2009 12:05 PM
Solution
I've just been doing a similar setup, and after I figured out I should be using OU instead of CN I started to get places.
One important thing I've found is that if your group is in a different OU tree to the one where the user is located, you must also specify the OU where the accounts exist (top level will do if the actual OU is nested below).
So, i.e., I have two context searches:
1. OU=Groups,DC=domain,DC=com
2. OU=SiteName,DC=domain,DC=com
The user in question is in an OU 3 levels below site name and my group is in context search 1.
Hope this helps.
Damien.
01-11-2009 11:36 PM
Quite funny though that it takes two OU searches; at least to me it's kind of natural that you don't keep all users and groups in the same OU, at least not with 50K+ users :-)
Still, with one search context to where the groups are and one to where the users are placed, things started to just work right away.
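
Added example, not part of the original thread and not HPE code: a small offline check of whether a set of search contexts covers both the user's DN and the access group's DN, which is the condition the accepted solution above describes. The sample DNs are constructed, and the assumption that both lookups are limited to the configured search contexts is taken from the thread's posts, not from the OA documentation.

```python
import re

# Constructed sample data modelled on the accepted solution's layout.
GROUPS_CTX = "OU=Groups,DC=domain,DC=com"
SITE_CTX = "OU=SiteName,DC=domain,DC=com"
USER_DN = "CN=Jane Admin,OU=Staff,OU=Floor2,OU=Building1,OU=SiteName,DC=domain,DC=com"
GROUP_DN = "CN=OA-Admins,OU=Groups,DC=domain,DC=com"

def parse_dn(dn):
    """Split a DN into normalised (attribute, value) pairs, leaf first.

    Simplification: splits on commas not preceded by a backslash and
    ignores multi-valued RDNs ("+"), which is enough for typical AD paths.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(dn, base):
    """True if dn is the base entry itself or lies anywhere below it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def covering_context(dn, contexts):
    """Return the first search context whose subtree contains dn, else None."""
    for ctx in contexts:
        if in_subtree(dn, ctx):
            return ctx
    return None

def diagnose(user_dn, group_dn, contexts):
    """Report which of the two objects the configured contexts can reach."""
    return {
        "user_found": covering_context(user_dn, contexts) is not None,
        "group_found": covering_context(group_dn, contexts) is not None,
    }

if __name__ == "__main__":
    # Groups context only: the group is reachable, the user is not.
    print(diagnose(USER_DN, GROUP_DN, [GROUPS_CTX]))
    # Both contexts, as in the accepted solution: both are reachable.
    print(diagnose(USER_DN, GROUP_DN, [GROUPS_CTX, SITE_CTX]))
```

The same containment test also shows why writing `CN=` for a container that is really an OU yields a context that matches nothing: the attribute type is part of each RDN, so `CN=Admin` and `OU=Admin` name different entries.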
01-11-2009 11:37 PM