Enable authentication for a load-balanced enterprise directory environment

By default, an enterprise directory environment set up with multiple domain controllers returns the server addresses in round-robin order when it responds to a client. As a result, the load is distributed across the server group. Such an environment may additionally use a load-balancing solution, which checks server status to avoid forwarding requests to inaccessible servers.

Use the following steps to enable authentication in such an environment in HPE OneView:

Prerequisites
  • Privileges: Infrastructure administrator.
  • Add the root and any intermediate CA certificates of the directory into the HPE OneView trust store.
Procedure
  1. From the main menu, select Settings.
  2. Either click the Edit icon in the Security panel, or select Actions > Edit.
  3. On the Edit Security screen, under Directories, click Add Directory.
  4. Enter the data requested on the Add/Edit Directory configuration details screen.

    Define the directory configuration, specifying the parent domain components as the value for Base Distinguished Name (Base DN). For example, for the domain example.com, specify the Base DN value as DC=example, DC=com.

  5. Click Add directory server. The Add Directory Server screen appears.
    • If the directory environment is load-balanced using a load balancer:
      • Enter the domain name example.com as the directory server name.

      • Enter the Global Catalog SSL port (default is 3269) or the SSL port (default is 636) as the directory server port.

    • If the directory environment uses only DNS load balancing:
      • Enter the domain controller address or server address (host name) as the directory server name.

      • Enter the Global Catalog SSL port (default is 3269) or the SSL port (default is 636) as the directory server port.

      • Repeat the previous instructions to add multiple directory servers as needed.

  6. When adding directory groups on the Users and Groups screen, specify the directory group with example.com as the directory name in the Add group screen.
  7. To verify authentication, log in as user@domain or domain\user. For example, admin@example.com, example\admin, or admin.
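
A pre-flight check for the servers entered in step 5, added here as an example and not part of the HPE documentation: for every address the directory server name resolves to, it performs a TLS handshake on the chosen SSL port, trusting only the CA certificates from the prerequisites and matching the certificate against the name being entered. It assumes those CA certificates are exported to a PEM file (`ca.pem` is a hypothetical name); the function names are the example's own, and the name match is this script's check, not a statement of how HPE OneView validates the server.

```python
"""Pre-flight check for LDAPS directory servers behind one DNS name (added example)."""
import socket
import ssl
import sys


def resolve_all(name, port):
    """Return every address DNS round-robin can hand out for `name`."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tls_check(address, port, server_name, ca_file, timeout=5):
    """Handshake with one address; trust only `ca_file`, match `server_name`."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((address, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "certificate: " + exc.verify_message
    except OSError as exc:  # refused, timed out, or a non-certificate TLS failure
        return "connection: " + str(exc)


def preflight(server_name, port, ca_file, resolve=resolve_all, check=tls_check):
    """Check every backend address; returns {address: "ok" or failure reason}."""
    return {addr: check(addr, port, server_name, ca_file)
            for addr in resolve(server_name, port)}


def failures(results):
    """Addresses that would fail for some share of logins."""
    return sorted(addr for addr, status in results.items() if status != "ok")


if __name__ == "__main__":
    # Usage: preflight.py example.com 636 ca.pem   (ca.pem is a hypothetical file name)
    name, port, ca_file = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    results = preflight(name, port, ca_file)
    for addr, status in results.items():
        print(f"{addr}:{port} as {name}: {status}")
    sys.exit(1 if failures(results) else 0)
```

Behind a load balancer the name resolves only to the balancer's address, so pass a `resolve` function that returns the individual domain controller addresses to check each one under the name example.com.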