
UCS Central 1.1.1a, LDAP, UCSM 2.1

Hi All,

I have a couple of questions regarding UCS Central deployment.

Customer has multiple domains with a variety of OSes being installed per UCSM domain (VMware, Red Hat, Windows, Hyper-V, Oracle).

1. Should I go ahead and create multiple Domain Groups in UCS Central? Add each of the domains to its respective DG later on? Or should I just add all the UCSM instances to Org-root DG?

2. Customer wants to deploy LDAP and since there are multiple UCSM domains here, VMware Admin should have access only to VMware blades; the same follows for the rest of the OS types. Does LDAP work with UCS Central 1.1.1a, UCSM 2.1? I have tested on UCS Central 1.1.1a, for some reason the third tab (Domain) doesn't list when I launch UCS Central. Am I missing anything here?

Thanks a lot in advance.

Best Regards,

4 Replies

1. Creating DGs can be done at any time. And domains can be moved between DGs subsequent to the initial installation --- though you should be aware that doing so may have service impact, since you are potentially changing policy resolution for multiple domains. As a best practice, you do not generally want domains directly under the root DG --- use other DGs (or sub DGs). Another best practice to minimize risk is to minimize domain movement between DGs. So I'd recommend DG creation and domain placement initially.

2. LDAP works on UCSM 2.1 --- but there are some known limitations with UCS Central 1.1.1a. Best practice is to not put anything under the root DG directly --- use other DGs (or sub DGs). Especially necessary for LDAP. Never put LDAP configs under the root DG. (Not clear what the "third tab (Domain)" is referring to. Can you please post a screenshot or detail what you're expecting?)

Thank you!

I will try out the LDAP configuration under other DGs. After I configure the LDAP will I see a third tab named "Domain" via UCS Central? Or is there a different way to log in?

Hi

I have the same issue. With UCSM 2.1, LDAP MS AD login works perfectly. I did the same config on UCSC 1.1(1a) but I am presented with only username / password login. I tried various domain logins without success:

domain\username

username@domain

all failed

help much appreciated.

kr

yvan

Yvan:

Have you set up attribute-based authentication for UCS Central 1.1.1a with LDAP? Currently UCS Central doesn't support UCS Central Role/Locale to LDAP Group mapping like UCS Manager supports. If not, you will need to define an LDAP attribute UCS Central will use to identify for each user what role / locale they should have. In that attribute for each LDAP user, you would add something similar to the example below:

shell:roles="role-X,role-Y" shell:locales="locale-X,locale-Y"

Parameters “role-X” and “role-Y” signify the UCS Central roles to be applied to the user being authenticated, and parameters “locale-X” and “locale-Y” are the locales in UCS Central to which you want the roles applied.

Thanks,
Eric          
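
An added example, not part of the original thread and not Cisco's code: a Python sketch that parses attribute values in the shell:roles / shell:locales format from the reply above and flags users whose roles are missing, unknown, or not restricted to a locale. The role, locale and user names are constructed, and treating a role without a locale as a finding is this example's own audit policy.

```python
import re

# Matches one shell:roles="..." or shell:locales="..." pair.
PAIR_RE = re.compile(r'shell:(roles|locales)="([^"]*)"')

def parse_avpair(value):
    """Return {'roles': [...], 'locales': [...]} from one attribute value."""
    parsed = {"roles": [], "locales": []}
    for key, raw in PAIR_RE.findall(value):
        # Drop empty items so a value like "," yields an empty list.
        parsed[key].extend(i.strip() for i in raw.split(",") if i.strip())
    return parsed

def audit_user(value, known_roles, known_locales):
    """Return a list of findings for one user's attribute value."""
    parsed = parse_avpair(value)
    findings = []
    if not parsed["roles"]:
        findings.append("no role assigned")
    for role in parsed["roles"]:
        if role not in known_roles:
            findings.append(f"unknown role: {role}")
    for locale in parsed["locales"]:
        if locale not in known_locales:
            findings.append(f"unknown locale: {locale}")
    # Audit policy assumed here: every role must be tied to a locale.
    if parsed["roles"] and not parsed["locales"]:
        findings.append("roles not scoped to a locale")
    return findings

# Constructed sample data: all role, locale and user names are hypothetical.
KNOWN_ROLES = {"vmware-admin", "windows-admin"}
KNOWN_LOCALES = {"vmware-blades", "windows-blades"}
SAMPLE_USERS = {
    "alice": 'shell:roles="vmware-admin" shell:locales="vmware-blades"',
    "bob": 'shell:roles="windows-admin"',
    "carol": 'shell:roles="," shell:locales=","',
    "dave": 'shell:roles="vmware-admin,storage-admin" shell:locales="vmware-blades"',
}

def audit_all(users):
    """Return {user: findings} for users with at least one finding."""
    results = {u: audit_user(v, KNOWN_ROLES, KNOWN_LOCALES) for u, v in users.items()}
    return {u: f for u, f in results.items() if f}

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE_USERS).items():
        print(user, "->", "; ".join(findings))
```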
