C7000 Onboard Administration: LDAP Authenitcation against multiple domains (995 Views)
Reply
Occasional Contributor
ErikdenBurger
Posts: 2
Registered: ‎04-05-2012
Message 1 of 3 (995 Views)

C7000 Onboard Administration: LDAP Authenitcation against multiple domains

I'm trying to get my AD Authentication/Authorization working on our C7000.

 

Our Active directory is a single tree, two domain setup (test.corp and mgt.test.corp)

I have setup the directory settings to a DC in de mgt.test.corp domain. This works fine for users in the mgt.test.corp domain. However, we also have a couple of users from the test.corp domain. They are a member of the ILO-Admins group that is on the MGT domain.

 

When testing the connection, the user is authenticated but not authorised. The message is "No LDAP Groups associated with user were discovered"

This usually has to do with incorrect search context. (I've tried adding a search context that was pointing to the test.corp domain, but it was not working)

 

 

We have the same setup working perfectly for our ILO based rack-servers (DL360/DL380 G6/G7/Gen8)

 

Is it possible to use multiple domains for authentication/authorization in the OA of a C7000 ?

 

Please use plain text.
Honored Contributor
PGTRI
Posts: 447
Registered: ‎01-19-2012
Message 2 of 3 (990 Views)

Re: C7000 Onboard Administration: LDAP Authenitcation against multiple domains

hi,

 

Please check the follwoing doc. I'll  hope, it help you further.

 

 

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02026030&jumpi...

 

Thanks

 

regards,

How to Say Thank You? Just click the KUDOS Star!
Please use plain text.
Respected Contributor
Psychonaut
Posts: 210
Registered: ‎08-31-2011
Message 3 of 3 (979 Views)

Re: C7000 Onboard Administration: LDAP Authenitcation against multiple domains

Unless someone out there has a trick I didn't find that won't work.  I have three child domains with the DC's in those child domains.  You can only authenticate users in that child domain.  If you went to a DC at the root I believe it would work.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation