Re: HP IP Console Switch G2 LDAP configuration - epic FAIL. (642 Views)
Occasional Visitor
NickNick_1
Posts: 4
Registered: ‎01-06-2010
Message 1 of 3 (953 Views)

HP IP Console Switch G2 LDAP configuration - epic FAIL.

Hi,

 

I have just spent an entire morning failing to get LDAP authentication working for my HP IP Console Switch G2 4x1Ex32 - AF622A.

Just basic authentication would be nice, but even that doesn't seem to work.

The correct IP for the LDAP server has been specified and LDAP enabled.

I created an account in the domain, which has been specified within the Search DN settings as follows: CN=username,CN=ouname,DC=mydomain,DC=com

 

I've given it the correct password for the account I created (ensuring that the change password at next logon is disabled).

In the Search Base I've given it DC=mydomain,DC=com, and on the query page I've set the authentication to basic for the time being.

If I try to log in to the Console Switch interface with any domain account, it fails with 'Access cannot be granted due to authentication server errors'.

 

I've even tried specifying a domain admin account as the Search DN, but that didn't work either.  The firmware is 1.10.9 - which is the latest I can find.

 

Please, has anyone successfully configured LDAP lookup on one of these Console switches, because I would love to know how...

 

Thanks in advance

 

 Nick

Occasional Visitor
NickNick_1
Posts: 4
Registered: ‎01-06-2010
Message 2 of 3 (937 Views)

Re: HP IP Console Switch G2 LDAP configuration - epic FAIL.

Bump...

 

Anyone??

Occasional Contributor
Loc_750
Posts: 4
Registered: ‎09-11-2012
Message 3 of 3 (642 Views)

Re: HP IP Console Switch G2 LDAP configuration - epic FAIL.

Here is what worked for us, but your mileage may vary.


1.    Create a case-sensitive computer name in AD that matches the switch's Appliance name.
2.    Create a group in AD whose members are the switch's computer object and your IT admin group.
2a.  In the Notes of that group enter KVM Appliance Admin, which defines the permissions. I believe the other two options are KVM User and Admin KVM User.
3.    Under Application Settings\User Accounts\LDAP click on Overview.
3a.  For LDAP Priority choose Use LDAP Authentication.
3b.  Under Primary Server for Address enter <DC1>.
3c.  For Access Type choose ldaps.
3d.  Under Primary Server for Address enter <DC2>.
3e.  For Access Type choose ldaps, and press Save.
4.    Under LDAP click on Search.
4a.  For Search DN enter <DN of query account>. If you don’t know the DN then check adsiedit.msc.
4b.  For Search Password enter the account's password.
4c.  For Search Base enter <DN of the domain> and press Save.
5.    Under LDAP click on Query.
5a.  Under Query Mode for Appliance choose Group Attribute. I think this tells it to reference the Notes setting.
5b.  For Target Device accept the default Basic.
5c.  For Group Container enter <OU name where the group was created in step 2>, and press Save. FYI, I think the OU can't have a space in its name, or at least using "" didn't work.
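
A pre-flight check of the values entered in the steps above, written as an added example; it is not part of the original post and not HP code. The dictionary keys, the sample values and the Search DN/Search Base comparison are assumptions made for illustration; the role strings and the no-space observation are taken from the post.

```python
# Role strings the post says go in the AD group's Notes field.
ROLES = {"KVM Appliance Admin", "KVM User", "Admin KVM User"}

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur.strip())
            cur = ""
            continue
        esc = (ch == "\\") and not esc
        cur += ch
    parts.append(cur.strip())
    return [p for p in parts if p]

def is_under(dn, base):
    """True if dn is at or below base (compared case-insensitively)."""
    d = [r.lower() for r in split_dn(dn)]
    b = [r.lower() for r in split_dn(base)]
    return bool(b) and d[-len(b):] == b

def preflight(cfg):
    """Return findings for one set of LDAP settings (dict keys are hypothetical)."""
    out = []
    if cfg["appliance_name"] != cfg["computer_cn"]:
        out.append("step 1: computer name differs from Appliance name (case-sensitive)")
    if cfg["group_notes"].strip() not in ROLES:
        out.append("step 2a: group Notes is not one of the role strings")
    for addr, access in cfg["servers"]:
        if access != "ldaps":  # a simple bind over plain LDAP exposes the search password
            out.append(f"step 3: {addr} uses {access}, the post uses ldaps")
    if not is_under(cfg["search_dn"], cfg["search_base"]):  # heuristic, not a product rule
        out.append("step 4: Search DN is outside Search Base, check for a typo")
    if " " in cfg["group_container"]:  # limitation observed by the poster
        out.append("step 5c: Group Container contains a space")
    return out

# Constructed sample values, not taken from any real environment.
SAMPLE = {
    "appliance_name": "KVM-RACK1", "computer_cn": "kvm-rack1",
    "group_notes": "KVM Appliance Admin",
    "servers": [("dc1.example.test", "ldaps"), ("dc2.example.test", "ldap")],
    "search_dn": "CN=svc\\, kvm,OU=Service,DC=example,DC=test",
    "search_base": "DC=example,DC=test",
    "group_container": "KVM Admins",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
```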
