UCS Active Directory Authentication Integration Script

joemar · ‎05-09-2015

This script will configure all the parameters in UCS required to integrate it with Active Directory for Authentication with various roles. This integration requires no schema extensions and relies of Security Groups mapped to users in AD. The script also requires the creation of a Service Account in AD to allow UCS to validate the credentials. This Service Account requires minimal privileges in AD and should have a long lived password to prevent authentication failures. The script also builds a 'local' authentication domain which will allow locally created users in UCS to still be used for access. This can be important in the event of AD integration failure. LDAP authentication also relies on DNS and NTP so the script offers to assist these elements also. The script has a global variables section with examples that must be customized to your deployments requirements

v0.1.00 - Initially posted configuration

As always, please provide any comments, concerns or suggestions.

Joe

eefranzen · ‎08-08-2016

Note that this script has some hard coded settings for creating a martin.local domain. Be sure to edit these before running.

If you don't, it will create this ldap realm and it will also set the Native Authentication default to ldap, so trying to change later will fail.

Other than that, worked great.