Reference Guide

For example, using nsroot.net instead of nam.nsroot.net with LDAPS allows customers to query the entire AD forest (port
3269) instead of just the AD domain (TCP port 636). Also, AD role association is based on group scopes for Domain Local
Groups and Universal Groups. This allows end users to search the AD using an appropriate scope as needed and to avoid
unnecessary group searches.) Also, Upload for LDAP Certificate appears when the LDAP Secure (Use SSL) checkbox is
selected.
3. Click Upload.
The Upload File dialog box appears.
4. Click Choose File.
5. Browse to the desired certificate file, then select the file and click Open.
6. After the file upload completes, click Apply to save the configuration changes.
Next steps
You must verify the configuration after configuring LDAPS and uploading the server certificate file.
Verify LDAPS configuration
About this task
NOTE: To avoid the possibility of data being unavailable, you must verify the LDAPS connection after every LDAPS
configuration change.
To verify the LDAPS configuration, do the following:
Steps
1. Click Verify Connection on the Directory Services page.
If the configuration is valid, a connection will be established with the LDAP server and a green check mark along with the
text Connection Verified will appear.
2. If the verification fails, the following steps are recommended to troubleshoot the failure:
a. Verify the Directory Services configuration information, in particular the port number.
b. Verify the LDAP server is online and configured for LDAPS.
c. Verify the certificates in the uploaded certificate file are valid, for example, not expired and in the correct order.
d. Verify the configured IP address is in the Subject or Subject Alternative Name field in the LDAP server certificate.
e. Verify there are no network issues, for example, firewall rules that block access to the LDAPS port.
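Steps a, c and d can also be checked from a management workstation. The following Python script is an added example, not part of the PowerStore documentation: fetch_cert and diagnose are hypothetical helper names, the certificate is assumed to be in the dict layout returned by Python's ssl.SSLSocket.getpeercert(), and the sample certificate and 192.0.2.x addresses are constructed. Chain problems such as a wrong certificate order in the uploaded file are not analysed here; they surface as a verification error raised by fetch_cert.

```python
import ipaddress
import socket
import ssl
import time

LDAPS_PORTS = (636, 3269)  # AD domain and AD forest ports named in the guide

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "dc01.example.test"), ("IP Address", "192.0.2.10")),
}

def fetch_cert(host, port, ca_file, timeout=5):
    """Validate the server chain against ca_file only and return the leaf certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # address matching is reported by diagnose() instead
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:  # raises SSLCertVerificationError on a bad chain
            return tls.getpeercert()

def _is_ip(value, wanted):
    try:
        return ipaddress.ip_address(value.strip()) == wanted
    except ValueError:  # DNS name or other non-address value
        return False

def diagnose(cert, configured_ip, port, now=None):
    """Return findings for troubleshooting steps a, c and d; an empty list means none."""
    now = time.time() if now is None else now
    findings = []
    if port not in LDAPS_PORTS:
        findings.append(f"port {port} is not 636 or 3269")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("certificate expired on " + cert["notAfter"])
    wanted = ipaddress.ip_address(configured_ip)
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "IP Address"]
    names += [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(_is_ip(n, wanted) for n in names):
        findings.append(f"{configured_ip} is not in Subject or Subject Alternative Name")
    return findings

if __name__ == "__main__":
    at = ssl.cert_time_to_seconds("Jun  1 00:00:00 2027 GMT")  # fixed clock for the demo
    for line in diagnose(SAMPLE_CERT, "192.0.2.11", 389, now=at):
        print("FAIL:", line)
```

Against a live server, pass the result of fetch_cert(host, port, ca_file) to diagnose, where ca_file is the same certificate file that was uploaded to PowerStore.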
Next steps
After the LDAP server is configured, one or more LDAP users or groups must be added to PowerStore to map the users (or
groups) to roles. Otherwise, LDAP authentication will succeed on login, but the login will fail because no role can be assigned
to the user.
Configure LDAP account
About this task
The procedures for creating an LDAP user account and an LDAP group account on PowerStore are similar. However, the LDAP
group must also be created on the LDAP server, and LDAP users added as members of that group. The advantage of creating an
LDAP group account is that all the users who are members of the added group get access to PowerStore with the privileges
and role mapped to that group.
To create an LDAP user or group account, do the following:
NOTE: The LDAP server must be configured before an LDAP user or group account can be created.
Steps
1. In PowerStore Manager, click Settings in the top menu bar to display the Settings page.