Cisco Support Community

UCS Central 1.1.1a, LDAP, UCSM 2.1

Hi All,

I have a couple of questions regarding UCS Central deployment.

Customer has multiple domains with a variety of OSes being installed per UCSM domain (VMware, Red Hat, Windows, Hyper-V, Oracle).

1. Should I go ahead and create multiple Domain Groups in UCS Central? Add each of the domains to its respective DG later on? Or should I just add all the UCSM instances to the Org-root DG?

2. Customer wants to deploy LDAP, and since there are multiple UCSM domains here, the VMware admin should have access only to VMware blades; the same applies to the rest of the OS types. Does LDAP work with UCS Central 1.1.1a, UCSM 2.1? I have tested on UCS Central 1.1.1a; for some reason the third tab (Domain) isn't listed when I launch UCS Central. Am I missing anything here?

Thanks a lot in advance.

Best Regards,

4 REPLIES
New Member

UCS Central 1.1.1a, LDAP, UCSM 2.1

1. Creating DGs can be done at any time. And domains can be moved between DGs subsequent to the initial installation --- though you should be aware that doing so may have service impact, since you are potentially changing policy resolution for multiple domains. As a best practice, you do not generally want domains directly under the root DG --- use other DGs (or sub DGs). Another best practice to minimize risk is to minimize domain movement between DGs. So I'd recommend DG creation and domain placement initially.

2. LDAP works on UCSM 2.1 --- but there are some known limitations with UCS Central 1.1.1a. Best practice is to not put anything under the root DG directly --- use other DGs (or sub DGs). Especially necessary for LDAP. Never put LDAP configs under the root DG. (Not clear what the "third tab (Domain)" is referring to. Can you please post a screenshot or detail what you're expecting?)

Re: UCS Central 1.1.1a, LDAP, UCSM 2.1

Thank you!

I will try out the LDAP configuration under other DGs. After I configure the LDAP will I see a third tab named "Domain" via UCS Central? Or is there a different way to log in?

New Member

UCS Central 1.1.1a, LDAP, UCSM 2.1

Hi

I have the same issue. With UCSM 2.1, LDAP MS AD login works perfectly. I did the same config on UCSC 1.1(1a), but I am presented with only a username / password login. I tried various domain logins without success:

domain\username

username@domain

all failed

help much appreciated.

kr

yvan

Cisco Employee

UCS Central 1.1.1a, LDAP, UCSM 2.1

Yvan:

Have you set up attribute-based authentication for UCS Central 1.1.1a with LDAP? Currently UCS Central doesn't support UCS Central Role/Locale to LDAP Group mapping like UCS Manager supports. If not, you will need to define an LDAP attribute UCS Central will use to identify for each user what role / locale they should have. In that attribute for each LDAP user, you would add something similar to the example below:

shell:roles="role-X,role-Y" shell:locales="locale-X,locale-Y"

Parameters “role-X” and “role-Y” signify the UCS Central roles to be applied to the user being authenticated, and parameters “locale-X” and “locale-Y” are the locales in UCS Central to which you want the roles applied.

Thanks,
Eric          
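
An added example, not part of the reply above and not Cisco code: a Python check over exported LDAP attribute values in the `shell:roles` / `shell:locales` format described in that reply, flagging malformed values and locales outside each team's scope (the per-OS separation asked about in the original question). The user, team and locale names and the policy table are constructed, and treating `shell:locales` as optional is an assumption.

```python
import re

# One key="a,b" pair in the format shown in the reply above.
PAIR = re.compile(r'shell:(roles|locales)="([^"]*)"')

def parse_shell_attr(value):
    """Parse the attribute value into {'roles': [...], 'locales': [...]}."""
    text, parsed, pos = value.strip(), {}, 0
    for m in PAIR.finditer(text):
        if text[pos:m.start()].strip():
            raise ValueError("unexpected text: %r" % text[pos:m.start()])
        key = m.group(1)
        if key in parsed:
            raise ValueError("duplicate shell:%s" % key)
        items = [i.strip() for i in m.group(2).split(",")]
        if not all(items):
            raise ValueError("empty entry in shell:%s" % key)
        parsed[key] = items
        pos = m.end()
    if text[pos:].strip():
        raise ValueError("unexpected text: %r" % text[pos:])
    if "roles" not in parsed:
        raise ValueError("shell:roles missing")
    parsed.setdefault("locales", [])  # assumption: locales may be omitted
    return parsed

def audit(users, allowed_locales):
    """Return (user, problem) findings for malformed or over-broad values."""
    findings = []
    for user, (team, value) in sorted(users.items()):
        try:
            attr = parse_shell_attr(value)
        except ValueError as exc:
            findings.append((user, "malformed: %s" % exc))
            continue
        extra = sorted(set(attr["locales"]) - allowed_locales[team])
        if extra:
            findings.append((user, "locales outside %s scope: %s"
                             % (team, ",".join(extra))))
        elif not attr["locales"]:
            findings.append((user, "no locale listed"))
    return findings

# Constructed sample data: user -> (team, attribute value as stored in LDAP).
USERS = {
    "alice": ("vmware", 'shell:roles="admin" shell:locales="vmware"'),
    "bob": ("vmware", 'shell:roles="admin" shell:locales="vmware,windows"'),
    "carol": ("windows", 'shell:roles="," shell:locales=","'),
    "dave": ("windows", 'shell:roles="read-only"'),
}
ALLOWED = {"vmware": {"vmware"}, "windows": {"windows"}}  # constructed policy
```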
