Hello all.

I'm a new user having recently deployed a FreeIPA server to supply
authentication for a small scale cluster. One of the first things I did
was to make our storage system (Isilon cluster running OneFS) use
FreeIPA as an authentication provider via LDAP.
Though straightforward, I wish this information was available directly
on the wiki and showed up on Google search for "How to configure
Isilon/OneFS to use FreeIPA".
I'd be happy to add this information into a wiki entry if someone could
give me access to it.

Log in to the FreeIPA server over SSH, and run the command:

[root@freeipa1 ~]# ldapsearch -x uid=admin | grep dn:
dn: uid=admin,cn=users,cn=compat,dc=nghpc,dc=dk
dn: uid=admin,cn=users,cn=accounts,dc=nghpc,dc=dk

Note down  uid=admin, cn=accounts,dc=nghpc,dc=dk 
and head to Isilon OneFS, where you may configure LDAP using one of the
two methods:
(1) Using the web UI:
       Access --> Authentication Providers --> LDAP
       + Add an LDAP provider
       Enter an LDAP provider name of choice that is easy to understand.
       Server URI: ldaps://<ip address or fqdn of FreeIPA server>
       Note: If you are using the fqdn, make sure the DNS settings
             resolve the fqdn from the command line using nslookup
             <fqdn>
       Base Distinguished Name: dc=nghpc,dc=dk
       (Enter the details as obtained from the search command earlier)
       Bind to: uid=admin,cn=users,cn=accounts,dc=nghpc,dc=dk
       (Enter the details as obtained from the search command earlier)
       Enter the password for Admin user and you would have successfully
       connected Isilon to FreeIPA via LDAP.
(2) Using the command line:
      Get the status of auth providers before beginning the
      configuration:
         isi auth status
      Create a new LDAP provider using the command:
         isi auth ldap create test-ldap \
         --base-dn="dc=nghpc,dc=dk" \
         --bind-dn="uid=admin,cn=users,cn=accounts,dc=nghpc,dc=dk" \
         --bind-password="mypasswd" \
         --server-uris="ldaps://<ip address or fqdn of FreeIPA server>" \
         --groupnet=<groupnet name>

Run the ldap search from the Isilon node to test whether the LDAP
connection works fine:

         ldapsearch -x uid=admin

You can use the troubleshooting guide from EMC:
https://www.emc.com/collateral/TechnicalDocument/docu63147.pdf


Thanks,
--
  Aravindh Sampathkumar
  aravi...@fastmail.com
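
The DN selection and base-DN derivation from the steps above, as an added shell example that is not part of the original post. The function names, the host name ipa.example.test and the groupnet name groupnet0 are constructed placeholders; the isi flags are the ones quoted in the post. It also rejects a server URI that is not ldaps://, because a simple bind over plain LDAP sends the bind password unencrypted.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the two "dn:" lines shown in the post.
SAMPLE_DNS='dn: uid=admin,cn=users,cn=compat,dc=nghpc,dc=dk
dn: uid=admin,cn=users,cn=accounts,dc=nghpc,dc=dk'

# Read "dn:" lines on stdin and print the entry under cn=accounts,
# skipping the cn=compat view of the same user.
pick_bind_dn() {
    sed -n 's/^dn: *//p' | grep -i ',cn=accounts,' | head -n 1
}

# Derive the base DN (the dc= components) from a full DN.
# Assumes no escaped commas inside RDN values.
base_dn_of() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -i '^dc=' | paste -sd, -
}

# Accept only ldaps:// URIs so the bind password is never sent in clear text.
require_ldaps() {
    case "$1" in
        ldaps://?*) return 0 ;;
        *) echo "refusing '$1': use an ldaps:// URI" >&2; return 1 ;;
    esac
}

# Args: provider name, server URI, groupnet. Reads "dn:" lines on stdin and
# prints the provider-creation command with a placeholder for the password.
isi_ldap_command() {
    bind_dn=$(pick_bind_dn)
    [ -n "$bind_dn" ] || { echo "no cn=accounts entry found" >&2; return 1; }
    require_ldaps "$2" || return 1
    printf 'isi auth ldap create %s --base-dn="%s" --bind-dn="%s" ' \
        "$1" "$(base_dn_of "$bind_dn")" "$bind_dn"
    printf -- '--bind-password="<bind password>" --server-uris="%s" --groupnet=%s\n' \
        "$2" "$3"
}

# Demo with constructed values (host name and groupnet are placeholders).
printf '%s\n' "$SAMPLE_DNS" |
    isi_ldap_command test-ldap ldaps://ipa.example.test groupnet0
```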


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
