How to configure Cisco UCS for LDAP and Active Directory authentication
I was helping out a team member with setting up AD authentication on a UCS chassis in our internal lab. It looked to be a pretty easy task but turned out to be a dog fight. In the end it was easy but I found a few errors in the Cisco document that explains how to configure LDAP for Cisco UCS. I will point out the items that caused me grief.
In the end it's now working as expected and is a great feature to put to use. With so many different pieces of equipment in your environments, being able to have a unified login is much better than trying to remember 20 different local IDs.
You can download and view a copy of the LDAP for Cisco UCS guide from here or a Google search will turn up the same thing.
In the “Creating LDAP Provider” section the main part that tripped me up was the following.
The image below shows the highlighted portion according to the document. I have updated the instruction below. Once I changed this, the authentication worked immediately. Before the change it would just fail, and according to the logs on the AD server it was not even making the attempt and failing.
c) This should be the string for the Bind user that you created earlier in the document. Example below:
BindDN value is CN=ucsbind,OU=CiscoUCS,DC=sampledesign,DC=com
A part of the collecting information section was also wrong. It did not cause me any issues but did require me to go back and read things a few more times to make sure.
In part d it references OU=CiscoUsers in the string, but the instructions never asked us to create this OU. It should just be the OU=CiscoUCS that you did create. It is nothing that will cause you an issue; this is just to clear things up.
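Both corrections above (the Bind DN must be the bind user's full string, and every OU named in a string must be one you actually created) can be checked before the values go into UCS Manager. The following is an added example, not code from the Cisco guide or from this post; the function names, the bare "ucsbind" input and the CN=ucsadmin entry are constructed for illustration.

```python
# Added example: pre-flight check for the DN strings typed into the LDAP provider form.
# Simplification: backslash-escaped characters are handled, hex escapes (\2C) are not.

CREATED_OUS = {"CiscoUCS"}  # the OU the post says was actually created


def parse_dn(dn):
    """Return [(ATTR, value), ...] for a DN, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"{rdn.strip()!r} is not an attribute=value component")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def check_dn(dn, created_ous=CREATED_OUS):
    """Return a list of problems; an empty list means the DN passed."""
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return [f"not a full distinguished name: {exc}"]
    problems = []
    if not any(attr == "DC" for attr, _ in pairs):
        problems.append("no DC= components, so the domain is missing")
    known = {ou.lower() for ou in created_ous}  # AD compares OU names case-insensitively
    for attr, value in pairs:
        if attr == "OU" and value.lower() not in known:
            problems.append(f"OU={value} was never created")
    return problems


if __name__ == "__main__":
    for candidate in ("CN=ucsbind,OU=CiscoUCS,DC=sampledesign,DC=com",      # from the post
                      "ucsbind",                                            # constructed
                      "CN=ucsadmin,OU=CiscoUsers,DC=sampledesign,DC=com"):  # constructed
        print(candidate, "->", check_dn(candidate) or "OK")
```

This only checks the shape of the strings; whether the bind account can actually authenticate still has to be confirmed against the AD server logs as described above.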
About Brian Suhr
Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design