— original post on my personal blog https://hendric.us —
This post is a step-by-step guide to connecting the HP OneView appliance to Directory Services (Active Directory) over secure LDAP (LDAPS).
- step 1. get the server certificate from the domain controller(s)
- step 2. creating the right ldap query within HP OneView
- step 3. adding domain groups to HP OneView
step 1. get the server certificate from the domain controller(s)
- Download the latest version of OpenSSL from openssl.org.
- Unzip the package, open a command prompt and change to the openssl\bin folder.
- Run openssl s_client against the FQDN of your domain controller(s) on the LDAPS port to retrieve the server certificate:
openssl s_client -host FQDN -port 636
- OpenSSL prints the server certificate as a PEM block, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----. Note that s_client does not verify the certificate for you; check its fingerprint against the domain controller before you trust it.
- Copy that block, including the BEGIN and END lines, and save it to a text file (you will need it in step 2). Repeat this for every domain controller you intend to add.
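As an added example that is not part of the original post, the following POSIX shell script automates step 1: it runs openssl s_client with -showcerts, keeps only the first PEM block (the DC's own certificate, not the issuing CA certificates that follow it when a chain is sent) and prints a fingerprint to compare against the DC before you trust the copy. The host name dc01.hendric.us, the output file name and the environment variables DC_FQDN and LDAPS_PORT are assumptions for illustration; the embedded s_client output is a constructed sample with placeholder bodies, not a real certificate.

```shell
#!/bin/sh
# Added example (not from the original post): automate step 1 in a POSIX shell.
# Assumes: openssl on PATH, the DC listens for LDAPS on 636, and you will verify
# the printed fingerprint out of band. openssl s_client does NOT authenticate
# the server for you, so the copied certificate is only as trustworthy as that check.

# Print only the first PEM block from s_client output. With -showcerts the DC
# sends its own certificate first and any issuer/intermediate CA certificates
# after it; OneView's "Directory server certificate" field wants the first one.
extract_server_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                        { print }
        /-----END CERTIFICATE-----/   { if (inside) exit }
    '
}

# Connect to the DC over TLS and emit its certificate as PEM.
# </dev/null closes stdin so s_client exits instead of waiting for input.
fetch_dc_cert() {
    dc_fqdn="$1"
    port="${2:-636}"
    openssl s_client -connect "$dc_fqdn:$port" -showcerts </dev/null 2>/dev/null \
        | extract_server_cert
}

# Fingerprint of a PEM certificate read from stdin. Windows shows the
# certificate "Thumbprint" as SHA-1, so pass sha1 if that is what you compare
# against on the domain controller; the default is sha256.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -"${1:-sha256}"
}

# Constructed sample of what s_client -showcerts prints (the base64 bodies are
# placeholders, NOT real certificates); it lets the parser run offline.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=dc01.hendric.us
   i:/CN=Hendric Root CA
-----BEGIN CERTIFICATE-----
QUJD
-----END CERTIFICATE-----
 1 s:/CN=Hendric Root CA
   i:/CN=Hendric Root CA
-----BEGIN CERTIFICATE-----
REVG
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=dc01.hendric.us'

# Offline demonstration: only the depth-0 (server) block is printed.
printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | extract_server_cert

# Live use (assumed invocation): DC_FQDN=dc01.hendric.us sh fetch_dc_cert.sh
# Saves <fqdn>.pem for pasting into OneView and prints its fingerprint.
if [ -n "${DC_FQDN:-}" ]; then
    fetch_dc_cert "$DC_FQDN" "${LDAPS_PORT:-636}" \
        | tee "$DC_FQDN.pem" \
        | cert_fingerprint "${FP_DIGEST:-sha256}"
fi
```

Run it with DC_FQDN set to fetch a live certificate; the fingerprint printed at the end must match the one you read from the domain controller itself (for instance the Thumbprint on its LDAPS certificate, which Windows displays as SHA-1). Because s_client accepts whatever certificate the peer presents, that out-of-band comparison is the step that turns a copied blob into something OneView can safely pin.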
step 2. creating the right ldap query within HP OneView
- Log in to OneView as the default (local) Administrator.
- Click "HP OneView" in the top left corner to open the menu and click "Settings".
- Move the mouse over the Security section and click Edit.
- Click on “Add Directory”
- Fill in the form as follows:
- Directory: a friendly name, for example Hendric.us (this name appears on the login screen)
- Directory Type: Active Directory
- Search Context: the search context must contain both the security groups and the users that are members of those groups; you can combine several containers in one box by separating them with a +. For example:
- Box 1:
- Box 2: OU=Groups + OU=Users
- Box 3:
- Username: any account that is allowed to bind to LDAP and search the search context (a dedicated read-only service account is sufficient)
- Password: *****
- Add Directory Server:
- IP address or hostname: the FQDN of the DC (use the same name you connected to in step 1, so that it matches the certificate you retrieved).
- Directory server port: 636 (or whatever port you use for secure LDAP).
- Directory server certificate: paste the PEM block you saved in step 1 here.
- Click Add if you have one DC, or Add+ to add another directory server (each with its own certificate).
- Click Add if you have one domain, or Add+ to repeat this procedure for an additional domain.
step 3. adding domain groups to HP OneView
Now that the directory is set up, we can add the AD groups to OneView and assign them roles.
- Click "HP OneView" in the top left corner to open the menu and click "Users and Groups".
- On the right side click the "Actions" button and choose "Add Directory Group".
- Directory: choose the Active Directory domain you added in step 2.
- Credentials: a username and password with rights to the search context, then click Connect.
- Group name: search for the group you want to grant rights in OneView (if the credentials step fails, the search returns no results).
- Role: check Specialized and pick from the list (Backup, Network, Server or Storage administrator), or check Full (full rights) or Read only.
- Click Add when you are finished, or Add+ to add more groups.