Virtual Connect LDAP Integration questions (152 Views)
Reply
Neighborhood Admin
chuckk281
Posts: 3,223
Registered: ‎01-09-2007
Message 1 of 1 (152 Views)

Virtual Connect LDAP Integration questions

Norman had a customer question:

 

**************

 

Curious about the TACACS+ support with respect to VCEM.

 

Seems like customers must choose between TACACS+ or LDAP, with a fall-back to local accounts if authentication fails.

 

Have a customer who’s network team uses TACACS+, but the server team would likely use LDAP.

 

First question: Can a customer’s VCEM installation support multiple methods (TACACS+, LDAP, local, etc.).

 

Second question: Do we have any instructions on how to integrate VCEM with TACACS+? (customer request)

 

****************

 

Info from Lionel:

 

*************

 

You don’t have to choose between TACAS+ or LDAP, you can enable both and set an authentication method for each user role. You can even set an order between different authentication methods so if a method fails, the next method is tried.

 

Back to your VCEM questions, the local access to VCM is not changed because you are under the control of VCEM so all authentication methods enabled under VCM are still available. VCEM only locks the VC Domain to make sure no configuration change can take place but concerning the local authentication, it’s the same as a standalone VC Domain.

 

The authentication order for each role is by default in the following order:


Domain: local > ldap > radius > tacacs

Network: tacacs > radius > local
Server: ldap > local

Storage: radius > local

 

So what your customer is asking is already the first default authentication method used today by VC for each network/server role.

 

**************

 

Any other help for Norman?

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.