Reference Guide

Steps
1. In PowerStore Manager, select Settings in the top menu bar to display the Settings page.
2. In the left panel under Users, click Directory Services.
The Directory Services page appears.
3. The options that appear depend on whether LDAP has been configured. Do one of the following:
To configure LDAP for the first time, click Configure LDAP. Go to the next step.
To edit an existing LDAP configuration, click Edit LDAP Configuration. Go to the next step.
To delete an LDAP configuration, click Delete LDAP Configuration.
When either Configure LDAP or Edit LDAP Configuration is selected, the Directory Services slide-out panel appears.
When Delete LDAP Configuration is selected, a confirmation dialog box appears that describes the effect of the delete
operation. All data, including certificates and LDAP user/role settings, will also be deleted.
4. Under LDAP Settings Server Type, select the type of the LDAP authentication server.
5. Under Servers, do one of the following:
To manually add a server address, click Configure IPs Manually, enter the IP address and click Add.
NOTE: Only IP addresses are accepted; FQDN is not supported.
To remove a server address, select the address in the list box and click Delete.
To move an IP address up or down in the list, select the address in the text box and click Up or Down, respectively, as
needed.
6. For Domain Name under Domain Settings, type the domain name of the LDAP authentication server.
The domain name must be filled in when the LDAP server configuration is created. After that, it is grayed out because it
cannot be changed without deleting and re-creating the LDAP server configuration.
7. For Bind DN (Distinguished Name), type the distinguished name of the LDAP user with administrator privileges.
The distinguished name should be specified in one of the following formats:
(For AD and OpenLDAP) LDAP notation format (for example,
cn=ldapbinduser,cn=Users,dc=mycompany,dc=com)
(For AD only) <user>@<domain> format (for example, ldapbinduser@mycompany.com)
8. For Bind DN Password, type the password for the user specified in Bind DN.
9. For Timeout (secs), type the amount of time in seconds that will be allowed for the LDAP connection and query to occur.
10. To enable Global Catalog for Active Directory, select Global Catalog.
The port automatically sets to 3268 and the default value for User ID Attribute under Advanced Settings changes from
sAMAccountName to UserPrincipalName.
11. The port for LDAP cannot be customized. The LDAP server uses one of the following default ports:
389 for LDAP
3268 for LDAP (global catalog)
For example, using nsroot.net instead of nam.nsroot.net with LDAP allows customers to query the entire AD forest (port
3268) instead of just the AD domain (TCP port 389). Also, AD role association is based on group scopes for Domain Local
Groups and Universal Groups. This allows end users to search the AD using an appropriate scope as needed and to avoid
unnecessary group searches.
NOTE:
It is strongly recommended that LDAP be configured and verified before configuring Secure LDAP (LDAPS).
These actions will minimize any troubleshooting that may be necessary when enabling LDAPS.
12. Click Advanced Settings to list all the fields under User Search Settings and Group Search Settings. Verify the default
values and make changes if required.
For example, if the LDAP server has a different Search Path than the default cn=Users,dc= for either User Search
Settings or Group Search Settings, or both, click Advanced Settings and update the search paths or other fields as
necessary, then click Apply to save the advanced configuration changes.
NOTE:
The default values that appear under Advanced Settings are based on the type of server as shown in the
following list:
Active Directory server
User Search Settings:
ID Attribute: sAMAccountName
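A pre-flight check of the values entered in steps 5 through 11, written as an added example that is not part of the original guide or of PowerStore itself. It applies the rules stated above (IP-only server addresses, the two Bind DN formats, the fixed ports, and the Active Directory default for User ID Attribute). The dictionary keys, the sample addresses, the simplified DN pattern, and the positive-timeout rule are assumptions.

```python
import ipaddress
import re

# One RDN such as cn=Users; simplified, ignores escaped commas (assumption).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
_UPN = re.compile(r"^[^@\s,=]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def bind_dn_format(bind_dn):
    """Return 'ldap', 'upn' or None for the two Bind DN formats in step 7."""
    if _UPN.match(bind_dn):
        return "upn"
    parts = [p.strip() for p in bind_dn.split(",")]
    if len(parts) > 1 and all(_RDN.match(p) for p in parts):
        return "ldap"
    return None

def check_ldap_settings(cfg):
    """Return (errors, derived) for a dict of proposed settings (hypothetical keys)."""
    errors = []
    is_ad = cfg["server_type"] == "AD"
    for addr in cfg["servers"]:
        try:
            ipaddress.ip_address(addr)          # step 5: IP addresses only
        except ValueError:
            errors.append(f"server {addr!r}: not an IP address (FQDN is not supported)")
    fmt = bind_dn_format(cfg["bind_dn"])
    if fmt is None:
        errors.append("Bind DN is neither LDAP notation nor <user>@<domain>")
    elif fmt == "upn" and not is_ad:
        errors.append("<user>@<domain> Bind DN is accepted for AD only")
    gc = cfg.get("global_catalog", False)
    if gc and not is_ad:
        errors.append("Global Catalog applies to Active Directory only")
    if not isinstance(cfg["timeout_secs"], int) or cfg["timeout_secs"] <= 0:
        errors.append("Timeout (secs) must be a positive number (assumed rule)")
    derived = {"port": 3268 if gc else 389}     # steps 10-11: port is not customizable
    if is_ad:                                   # AD default for User ID Attribute
        derived["user_id_attribute"] = "UserPrincipalName" if gc else "sAMAccountName"
    return errors, derived

# Constructed sample inputs (not from the original page).
GOOD = {"server_type": "AD", "servers": ["192.0.2.10", "192.0.2.11"],
        "bind_dn": "cn=ldapbinduser,cn=Users,dc=mycompany,dc=com",
        "timeout_secs": 30, "global_catalog": True}
BAD = {"server_type": "OpenLDAP", "servers": ["ldap.mycompany.com"],
       "bind_dn": "ldapbinduser@mycompany.com", "timeout_secs": 0}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *check_ldap_settings(cfg), sep="\n  ")
```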