
HPE OneView LDAP

 
Mike64
Advisor

HPE OneView LDAP

Hello,

I'll start by saying certs really aren't my thing.

I've built two tier CAs but haven't a clue how to use them. Go figure..

I've also configured LDAP for vCenter. Straightforward, not a problem.

I now need to configure LDAP for HPE OneView and am struggling.

As previously mentioned, we have a CA (didn't need it for vCenter).

Can someone advise what steps I need to take?

The more detail, the better, but it has to be relatively straightforward to follow.

Many thanks for any help.

6 REPLIES
Harshitha_K
HPE Pro

Re: HPE OneView LDAP

Hi @Mike64 ,

Hope this helps!

Here’s a step-by-step guide, assuming you want to use LDAP (Active Directory) authentication for OneView, and possibly secure it with SSL/TLS using your CA.

Prerequisites

  • You have HPE OneView up and running.
  • You have the details of your LDAP/AD servers (hostname, port, domain, etc.).
  • (Optional for LDAPS) Your CA is capable of issuing certificates for your Domain Controllers.
  • You have admin credentials for both OneView and your AD.

    Here is the step-by-step procedure:
  1. Go to: Settings > Security > Directory → Add Directory.
  2. Choose Type: Active Directory or OpenLDAP.

  3. Enter Details: Hostname/IP, Port: 389 (LDAP) or 636 (LDAPS), Bind DN (the root of your LDAP tree, e.g., DC=example,DC=com) + Password, and User & Group Search Base.

  4. Map Groups: Link LDAP groups to OneView roles.

  5. Enable SSL (LDAPS only):
    --> Export LDAP server cert or CA cert.
    --> Import it in Settings > Security > Certificates.
  6. Test & Save: Use “Test Connection” → Save if successful.

    Thank you!
    Hope this information has helped you, Please click on the "Thumbs Up/Kudo" icon as a token of appreciation. Also, if this post has helped to solve your issue, consider marking this as an "Accepted Solution".

 

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Mike64
Advisor

Re: HPE OneView LDAP

Steps taken so far

Settings > Security > Add Directory


CA signed certificate presented by the device or server is not trusted by the appliance. CA certificate <Cert Name> that is part of the device or server certificate chain is not present in the appliance trust store.

Add CA certificate <Cert Name> and retry this operation. If the missing CA certificate <Cert Name> is not available, enable the less secure "Force trust leaf certificate" option to trust the leaf certificate.

Click on 'Add CA certificate'.
In the paste certificate section, I paste the cert and click 'Validate certificate' and get the following.

Unable to trust the certificate.
The CA certificate with "Common Name" <cert name> used for signing the incoming certificate with "Common Name" <cert name> is not a trusted certificate.

Resolution Add a trusted CA certificate and retry the operation. To add the missing certificate use the import certificate option under the Settings->Security->Manage certificates.

I've gone to Settings > Security > Manage certificates > Add certificates
I paste the cert, click 'Validate certificate'.

I get the following

Unable to trust the certificate.
The CA certificate with "Common Name" <cert name> used for signing the incoming certificate with "Common Name" <cert name> is not a trusted certificate.

Resolution Add a trusted CA certificate and retry the operation. To add the missing certificate use the import certificate option under the Settings->Security->Manage certificates.

At this point I'm not sure how to progress.

 

support_s
System Recommended

Query: HPE OneView LDAP

System recommended content:

1. HPE OneView 5.50 Best Practices Guide for Deployment and Management

2. HPE OneView 5.5 Best Practices Guide for Deployment and Management

 


Mike64
Advisor

Re: HPE OneView LDAP

Hi Harshitha,

I'll follow your steps and see how that goes. Many thanks.

I've posted what I've already tried without success.

Mike64
Advisor

Re: HPE OneView LDAP

Hi Harshitha,

No, I tried that way as well with a service account, adding domain, DN, user account details etc. and still get

Unable to trust the certificate.
The CA certificate with "Common Name" <cert name> used for signing the incoming certificate with "Common Name" <cert name> is not a trusted certificate.

Resolution Add a trusted CA certificate and retry the operation. To add the missing certificate use the import certificate option under the Settings->Security->Manage certificates.

 

Harshitha_K
HPE Pro

Re: HPE OneView LDAP

Hi @Mike64 ,

Steps to Fix the Certificate Trust Issue

  1. Verify the CA Certificate

    • Ensure the CA certificate that signed the incoming certificate is valid and not expired.

    • Double-check the Common Name (CN) matches what’s expected.

  2. Import the CA Certificate

    • Go to Settings → Security → Manage Certificates.

    • Use the Import Certificate option to upload the missing CA certificate.

    • Make sure it's added to the Trusted Root Certification Authorities store (or equivalent, depending on your platform).

  3. Restart the Service

    • After importing, restart the relevant service or application to ensure the new trust settings are applied.

  4. Test the Connection Again

    • Retry the operation and confirm whether the certificate is now accepted.

      If the issue still persists, please log a case with HPE support (Support case link: Site Support | HPE Support Center).

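The trust error quoted in this thread, reproduced offline as an added example (not part of any post above, and not HPE code): with a two-tier CA, a trust store holding only the issuing CA cannot complete a chain, while one holding the root validates both the issuing CA and the server certificate. The CA names, `dc01.example.test` and the helper functions are constructed for illustration, and it is an assumption that the appliance builds chains the way `openssl verify` does by default.

```shell
#!/bin/sh
# Added example: constructed two-tier PKI (all names and certificates are made up).
make_demo_chain() {  # make_demo_chain <dir>: root CA -> issuing CA -> server cert
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=req' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Root CA" -days 30 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for pair in "issuing:Demo Issuing CA" "leaf:dc01.example.test"; do
    n=${pair%%:*}
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=${pair#*:}" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # The root signs the issuing CA (with CA extensions); the issuing CA signs the server cert.
  openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 30 \
    -out "$d/issuing.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/issuing.pem" -CAkey "$d/issuing.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# A root CA is self-signed: its subject and issuer names hash to the same value.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True while the certificate's notAfter date is still in the future.
not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# chain_ok <trusted.pem> <cert.pem> [intermediates.pem]
# Succeeds only if <cert> chains to a self-signed certificate inside <trusted>.
chain_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_demo_chain "$tmp"
for c in root issuing leaf; do
  openssl x509 -in "$tmp/$c.pem" -noout -subject -issuer -enddate
  if is_self_signed "$tmp/$c.pem"; then echo "  -> self-signed root of the chain"; fi
done
chain_ok "$tmp/issuing.pem" "$tmp/leaf.pem" || echo "store = issuing CA only: chain incomplete"
chain_ok "$tmp/root.pem" "$tmp/issuing.pem" && echo "store = root: issuing CA validates"
chain_ok "$tmp/root.pem" "$tmp/leaf.pem" "$tmp/issuing.pem" &&
  echo "store = root, issuing CA supplied: server cert validates"
```

Against a live directory server, the chain it presents can be captured with `openssl s_client -connect <dc-host>:636 -showcerts </dev/null` and each certificate run through the same checks.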