Unsolved
This post is more than 5 years old
23 Posts
0
6301
How to configure LDAP for VPLEX?
I'm trying to configure LDAP authentication and it keeps failing, any help is appriciated:
Also can someone confirm that "Mapprincipal" is equivalent to "OU Search Path"?
VPlexcli:/> configuration configure-auth-service
Configure Authentication Service Provider (Optional)
You may select to use your existing LDAP or Active Directory as a directory service to
authenticate VPLEX users. To configure this, you will need the authentication service
provider server information, and the security information to map the users.
Or, you may choose not to configure an authentication service provider at this time.
You may configure an authentication service provider for authentication at any time,
using VPLEX CLI commands.
Would you like to configure an authentication service provider to authenticate VPLEX
users? (yes/no) [no]: y
VPLEX supports the following types of authentication service providers:
1. LDAP
2. AD
Select the type of authentication service provider you would like use for VPLEX
authentication. (1 - 2) [1]: 1
Enter the Authentication Server IP Address []: xxx.xxx.x.xxx
VPLEX supports these connections types:
1. SSL
2. TLS
Select your connection type (1 - 2) [2]: 2
Enter the port to be used for LDAP [389]: 389
Configure Security Settings for Your Authentication Service Provider
To configure the Authentication Service Provider you will need: the base disti
name, the bind distinguished name, and the mapprincipal. Examples of these are
Base Distinguished Name Example: dc=security,dc=orgName,dc=companyName,dc=com
Bind Distinguished Name Example:
cn=Administrator,dc=security,dc=orgName,dc=companyName,dc=com
Mapprincipal Example: ou=people,dc=security,dc=orgName,dc=companyName,dc=com
Enter the Base Distinguished Name []: PROD.XXXX.GOV
Enter the Distinguished Bind Name []: CN=StorageSVC Service Account,OU=Applica - (I input correct DB Name)
Enter the mapprincipal []: OU=Administrative,OU=UserAccounts,DC=PROD,DC=XXXX,
DC=GOV
cstadmin: Object PAM VPLEX-PAM-Authority configured.
Enter StorageSVC Service Account's password:
Connecting to authentication server (may take 3 minutes) ...
authentication Evaluation of <
directory-service ********>> failed.
configure:
cause: Command execution failed.
cause: ldap_start_tls: Server is unavailable (52)
additional info: 00000000: LdapErr: DSID-0C090CF0,
comment: Error initializing SSL/TLS, data 0, vece
Evaluation of < > failed.
Command execution failed.
ldap_start_tls: Server is unavailable (52)
additional info: 00000000: LdapErr: DSID-0C090CF0, comment: Error initia lizing SSL/TLS, data 0, vece
Configuration of the ldap authentication service is incomplete
Rolling back to a known good state
The log summary for configuration automation has been captured in /var/log/VPlex /cli/VPlexconfig.log
The task summary and the commands executed for each automation task has been cap tured in /var/log/VPlex/cli/VPlexcommands.txt
The output for configuration automation has been captured in /var/log/VPlex/cli/ capture/VPlexconfiguration-session.txt
Evaluation of < > failed.
Command execution failed.
ldap_start_tls: Server is unavailable (52)
additional info: 00000000: LdapErr: DSID-0C090CF0, comment: Error initia lizing SSL/TLS, data 0, vece
configuration Evaluation of <
configure-auth-service: configure-auth-service>> failed.
cause: Command execution failed.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
December 24th, 2012 11:00
Yes, "Mapprincipal" is equivalent to "OU Search Path".
You need to run 'authentication directory-service configure' VPLEX CLI command.
Please make sure that the principal that you are mapping has UNIX attributes set.