12-21-2011 07:15 AM
I have just spent an entire morning failing to get LDAP authentication working for my HP IP Console Switch G2 4x1Ex32 - AF622A.
Just basic authentication would be nice, but even that doesnt seem to work.
The correct IP for the LDAP server has been specified and LDAP enabled.
I created an account in the domain, which has been specified within the Search DN settings as follows: CN=username,CN=ouname,DC=mydomain,DC=com
I've given it the correct password for the account i created (ensuring that the change password at next logon is disabled)
In the Search Base ive given it DC=mydomain,DC=com
and on the query page, ive set the authentication to basic for the time being.
If I try to login to the Console Switch interface with any domain account, it fails with 'Access cannot be granted due to authentication server errors'
I've even tried specifying a domain admin account as the Search DN, but that didn't work either. The firmware is 1.10.9 - which is the latest I can find.
Please, has anyone successfully configured LDAP lookup on one of these Console switches, because I would love to know how...
Thanks in advance
03-27-2013 06:10 PM - edited 03-27-2013 06:11 PM
Here is what worked for us, but your mileage may vary.
1. Create case sensitive computer name in AD that matches the switch's Appliance name.
2. Create a group in AD whose members are the switch's computer object and your IT admin group.
2a. In the Notes of that group enter KVM Appliance Admin, which defines the permissions. I believe the other two options are and KVM User and Admin KVM User.
3. Under Application Settings\User Accounts\LDAP click on Overview.
3a. For LDAP Priority choose Use LDAP Authentication.
3b Under Primary Server for Address enter <DC1>.
3c For Access Type choose ldaps.
3d. Under Primary Server for Address enter <DC2>.
3e. For Access Type choose ldaps, and press Save.
4. Under LDAP click on Search.
4a. For Search DN enter <DN of query account>. If you don’t know the DN then check adsiedit.msc
4b. For Search Password enter the account's password.
4c. For Search Base enter <DN of the domain> and press Save.
5. Under LDAP click on Query.
5a. Under Query Mode for Appliance choose Group Attribute. I think this tells it to reference the Notes setting.
5b. For Target Device accept the default Basic.
5c. For Group Container enter <OU name where the group was created in step 2>, and press Save. FYI, I think the OU can't have a space in its name, or at least using "" didn't work.