NetApp Knowledge Base

How to configure LDAP Authentication for Cluster (Admin) SVM

Applies to

ONTAP 9

Description

  • This KB assumes that a mechanism is in place for password replication between the Windows user database and the LDAP UNIX attributes.
  • This is not the default configuration, and since IDMU is deprecated, third-party software may be needed.
  • Consider configuring domain-tunnel to use any SVM joined to a domain to authenticate domain users.
  • With domain-tunnel, a native Windows authentication mechanism will be used.
  • The below procedure lists the steps required in order to successfully configure LDAP Authentication for the Cluster (Admin) SVM in ONTAP 9.
    • This will allow the use of UNIX credentials stored in Windows AD LDAP for administrative authentication (ssh, ontapi, web) to ONTAP.
  • As this is an example, make sure that the settings and values you use match your environment.
  • This procedure was tested with ONTAP 9, but is expected to work with prior versions of clustered Data ONTAP as well.


Prerequisite:

  • On the ONTAP side, make sure the configured schema and its attributes reflect exactly what is configured in the Active Directory schema. Copy one of the read-only schemas and modify it appropriately.
  • LDAP schema configuration examples: How to configure RFC 2307bis for Windows
  • If you are not sure about the AD schema details, consult your Domain Admin.
  • Alternatively, connect to Active Directory, open the "Active Directory Users and Groups" MMC Snap-In, enable "Advanced Features" under the "View" menu, and examine the attributes for a user under "Properties > Attribute Editor".
  • For more information, best practices or troubleshooting steps, refer to: Secure Unified Authentication Kerberos, NFSv4, and LDAP in ONTAP
