Connect HP OneView with Active Directory (step-by-step)


This post is a step-by-step guide to connecting the HP OneView appliance to Active Directory over secure LDAP.

  • Step 1. Get the server certificate from the domain controller(s)
  • Step 2. Create the right LDAP query within HP OneView
  • Step 3. Add domain groups to HP OneView

Step 1. Get the server certificate from the domain controller(s)

  • Download the latest version of OpenSSL from openssl.org
  • Unzip the package, open a command prompt and browse to the openssl\bin folder
  • Now run the openssl command with the right FQDN of your domain controller(s) to get the server certificate:

  • OpenSSL returns the server certificate, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----
  • Copy this block, including the BEGIN and END lines, and save it to a text file (you need it in step 2)
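
One way to carry out step 1 from a POSIX shell, as an added example that is not the command from the original post: it saves the certificate the DC presents on port 636 and prints its subject, issuer, expiry date and SHA-256 fingerprint, so you can compare them with the certificate on the DC itself before pasting it into OneView. The FQDN dc01.example.com, the script name and the function names are placeholders made up for this example; in a Windows command prompt, `<NUL` takes the place of `</dev/null`.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: sh get-dc-cert.sh dc01.example.com 636   (placeholder script name and FQDN)

# Print the first PEM certificate block found on stdin.
# openssl s_client prints the server certificate as a PEM block in its output.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {p=1}
         p {print}
         /-----END CERTIFICATE-----/ {if (p) exit}'
}

# Open a TLS connection to host:port, send nothing, and save the
# certificate the server presents to a file (default: <host>.pem).
fetch_dc_cert() {
    host=$1; port=${2:-636}; out=${3:-"$host.pem"}
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | extract_leaf_pem > "$out"
    [ -s "$out" ] || {
        echo "no certificate received from $host:$port" >&2
        return 1
    }
}

# Print the fields to check against the certificate installed on the DC.
# A certificate fetched over the network is only as trustworthy as that
# network path, so compare the fingerprint out of band before trusting it.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Only touch the network when a host name is given on the command line.
if [ "$#" -ge 1 ]; then
    fetch_dc_cert "$1" "${2:-636}" "$1.pem" && describe_cert "$1.pem"
fi
```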

Step 2. Create the right LDAP query within HP OneView

  • Log in to OneView with the default administrator.
  • Click in the top left corner on “HP OneView” to open the menu and click on “Settings”.
  • Move the mouse to the security section and click edit.
  • Click on “Add Directory”
  • Fill in the form as:
    • Directory: friendly name for example Hendric.us (this name will appear on the login screen)
    • Directory Type: Active Directory
    • Search Context:
      • Box 1:
      • Box 2: (The search context must contain the security groups AND the search context for the users within these groups, you can add more to the search context by using a +)
      • Box 3:
    • Username: any user with rights to query the search context over LDAP
    • Password: *****
    • Add Directory Server
      • IP address or hostname: FQDN of the DC.
      • Directory server port: 636 (or whichever port you use for secure LDAP).
      • Directory server certificate: paste the result of the openssl command here (you saved it to a text file in step 1).
        • click add if you have one DC, or add+ to add an extra Directory server.
    • Click add if you have one domain or add+ to repeat this procedure and add an extra domain.

Step 3. Add domain groups to HP OneView

Now that the directory services are set up, we can add the groups to OneView and give them rights.

  • Click in the top left corner on “HP OneView” to open the menu and click on “Users and Groups”.
  • On the right side click on the button “Actions” and choose “Add Directory Group”.
    • Directory: Choose the Active Directory domain.
    • Credentials: Username and Password with rights to the search context, then click connect.
    • Group name: Here you can search for the group you want to give rights on OneView (if the credentials step fails, you won’t get any results here).
    • Role: if you check Specialized you have to choose from the list (Backup, Network, Server, Storage administrator); otherwise check Full (full rights) or Read-only.
    • Click add if you’re finished or click add+ to add more groups.

4 Comments

  1. Koen says:

    Hello Hendric,

    With which version of OneView did you create this procedure?
    I’m using version 2.0 and don’t see the same field as you describe.

    The search context boxes aren’t there.

    kind regards
    Koen

    • Hendricus says:

      Hello Koen,

      I’ve created this procedure with version 1.20.x
      The procedure should be the same as the documentation for version 2.0.x guides you to the same search context boxes.
      If you need more help on this, you can contact me by using the contact form.

      Kind regards,
      Hendricus

  2. Shibu says:

    I am very new to AD, so can you provide me the steps to create a certificate on my AD server?
