HPE Community
MSA Storage
1819802 Members
3360 Online
109607 Solutions
New Discussion юеВ

LDAP use in MSA2050

 
M_v_S
Occasional Advisor

тАО06-02-2020 02:55 AM

тАО06-02-2020 02:55 AM

LDAP use in MSA2050

Hi,

I want to enable LDAP support in my MSA2050 for the domain admins.

The basic configuration is working, but users can't logon.

In User-search-base, I added the FQDN for my ad group. In that group I created the same group-name as in the Current-User-Groups area of the MSA config and gave them the admin rights there.

I see no further explanation what I have to do, with the group created in MSA. You can't add users there.

Have I to do somethin in another way?

Greetings to you all

0 Kudos
Reply
6 REPLIES 6
Dardan
Trusted Contributor

тАО06-02-2020 03:07 AM - edited тАО06-02-2020 03:45 AM

тАО06-02-2020 03:07 AM - edited тАО06-02-2020 03:45 AM

Re: LDAP use in MSA2050

Hello,

Have you tried logging in using the Domain\User and Password?

In order to troubleshoot further, please provide the following:
- Your MSA configuration, found under the tab LDAP Users
- AD Group FQDN and User's group.

Cheers,
Dardan

___________
Hit the Kudo's button to show appreciation or mark as solution if your question was answered.
0 Kudos
Reply
M_v_S
Occasional Advisor

тАО06-02-2020 03:21 AM

тАО06-02-2020 03:21 AM

Re: LDAP use in MSA2050

Hi,

of course I tried with Domain\Username before the post.

Server: my DC IP
Port: 636
User-search-base: OU=MyGroup,OU=Location,DC=Domain,DC=TLD
(of course with my real values)
Connection to LDAP worked with that configuration, with a wrong entry I couldn't save it.

Current User-Groups:
User Group Name: MyGroup

That is all I can configure.

0 Kudos
Reply
Dardan
Trusted Contributor

тАО06-02-2020 03:44 AM - edited тАО06-02-2020 03:47 AM

тАО06-02-2020 03:44 AM - edited тАО06-02-2020 03:47 AM

Re: LDAP use in MSA2050

User-search-base is the FQDN of the group where your (admin) users reside. I wouldn't create any extra group for this, if your priviledged account resides within OU=Admins, then it becomes OU=Admins,OU=Location,DC=Domain,DC=TLD.

User Group Name is then a security group (Global) where privileged users are added to. In your case it is let's say 'MyGroup' which has as a member your admin and other privileged accounts.

In addition to that, I have also configured the Alt-Server and Alt-Port and my MSA arrays are already using TLS/SSL certificates. Port 636 is a Secure LDAP port which might be needing the CA root certificate to be able to authenticate - although not sure of it.

___________
Hit the Kudo's button to show appreciation or mark as solution if your question was answered.
0 Kudos
Reply
M_v_S
Occasional Advisor

тАО06-02-2020 04:07 AM

тАО06-02-2020 04:07 AM

Re: LDAP use in MSA2050

The FQDN points to the group, where my Users are. But can't login with these accounts. Tried also port 389.

At first attempts I pointed the FQDN to the OU, where the group name is located in AD and added the Admin Accounts to that group, but as I said, it didn't worked.

Any other ideas?
I have other devices, where I use LDAP successfully.

 

0 Kudos
Reply
SUBHAJIT KHANBARMAN_1
HPE Pro

тАО06-17-2020 12:07 AM

тАО06-17-2020 12:07 AM

Re: LDAP use in MSA2050

@M_v_S 

Are you using Kerberos Server ?

The Kerberos realm name needs to be in CAP

The Group Distinguished Name need to be in the correct given group name тАУ CN=<group_name>,OU=<applicable OU>,DC=<domin>,DC=TLD

Can you please help us to understand if the issue got resolved or not?

If issue got resolved then how?

Also request you to mark the forum as resolved if there is no more outstanding query from your end on this issue.

This will help for everyone who are all following your forum.

 

Hope this helps!
Regards
Subhajit

I am an HPE employee

If you feel this was helpful please click the KUDOS! thumb below!

***********************************************************************

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
M_v_S
Occasional Advisor

тАО06-17-2020 04:19 AM

тАО06-17-2020 04:19 AM

Re: LDAP use in MSA2050

Hi,

I don't have Kerberos in use.

Tried it also with a group in the last OU and your suggestion: CN=Group,...

So this issue is still open.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.