NetApp Knowledge Base

How to configure LDAP Authentication for Cluster (Admin) SVM

Category: ontap-9
Specialty: nas
Applies to

ONTAP 9

Description

  • This KB assumes that a mechanism is already in place to replicate passwords between the Windows user database and the LDAP UNIX attributes.
  • This is not the default configuration and, since IDMU is deprecated, third-party software may be needed.
  • Consider configuring domain-tunnel to use any SVM joined to a domain to authenticate domain users.
  • With domain-tunnel, a native Windows authentication mechanism will be used.
  • The procedure below lists the steps required to configure LDAP Authentication for the Cluster (Admin) SVM in ONTAP 9.
    • This allows UNIX credentials stored in Windows AD LDAP to be used for administrative authentication (ssh, ontapi, web) to ONTAP.
  • As this is an example, make sure that the settings and values you use match your environment.


Prerequisite:

  • On the ONTAP side, make sure the configured schema and its attributes reflect exactly what is configured in the Active Directory schema. Copy one of the read-only schemas and modify it as appropriate.
  • LDAP schema configuration examples: How to configure RFC 2307bis for Windows
  • If you are not sure about the AD schema details, consult your Domain Admin.
  • Alternatively, connect to Active Directory, open the "Active Directory Users and Groups" MMC Snap-In, enable "Advanced Features" under the "View" menu, and examine a user's attributes under "Properties > Attribute Editor".
  • For more information, best practices or troubleshooting steps, refer to: Secure Unified Authentication Kerberos, NFSv4, and LDAP in ONTAP
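
One way to run the schema check from the prerequisite before changing anything in ONTAP, as an added example that is not NetApp's code. The mapping keys, the attribute names they point to, the required set and the user entry are all constructed assumptions; replace them with the values from your copied schema and from the user's Attribute Editor view. A missing password attribute in the result means the password replication assumed in the Description is not in place for that user.

```python
# Added example; every name and value below is constructed for illustration.
# Assumed schema mapping: role -> AD attribute the copied ONTAP schema points at.
SCHEMA = {
    "uid": "uid",
    "uid-number": "uidNumber",
    "gid-number": "gidNumber",
    "user-password": "unixUserPassword",
    "home-directory": "unixHomeDirectory",
    "login-shell": "loginShell",
}
# Assumption for this sketch: roles a login cannot do without.
REQUIRED = {"uid", "uid-number", "gid-number", "user-password"}
NUMERIC = {"uid-number", "gid-number"}

# Constructed copy of one user's Attribute Editor view: attribute -> values.
AD_USER = {
    "sAMAccountName": ["jdoe"],
    "UID": ["jdoe"],            # LDAP attribute names are case-insensitive
    "uidNumber": ["10001"],
    "gidNumber": ["users"],     # populated, but not a numeric GID
    "loginShell": ["/bin/bash"],
    "unixHomeDirectory": [],    # attribute exists but was never set
}

def check_schema(schema, entry):
    """Return {role: status}; status is ok, missing, empty or not-numeric."""
    by_name = {name.lower(): values for name, values in entry.items()}
    report = {}
    for role, attr in schema.items():
        values = [v.strip() for v in by_name.get(attr.lower(), []) if v.strip()]
        if attr.lower() not in by_name:
            report[role] = "missing"
        elif not values:
            report[role] = "empty"
        elif role in NUMERIC and not all(v.isdigit() for v in values):
            report[role] = "not-numeric"
        else:
            report[role] = "ok"
    return report

def blocking_problems(report, required=REQUIRED):
    """Roles that are required and not usable, sorted for stable output."""
    return sorted(r for r, status in report.items() if r in required and status != "ok")

if __name__ == "__main__":
    result = check_schema(SCHEMA, AD_USER)
    for role, status in result.items():
        print(f"{role:15} -> {SCHEMA[role]:18} {status}")
    print("blocking:", blocking_problems(result))
```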

 

 
