I thought I’d run through the basics of adding LDAP support to a Rubrik Edge cluster. I’ve written previously about multi-tenancy considerations with Rubrik, and thought it might be useful to start down that path in the lab to demonstrate some of the process. It’s not a terribly difficult task, but I did find a little trial and error was required. I suspect that’s because of some environmental issues on my side, rather than the Rubrik side of things. Anyway, let’s get started. Click on the Gear / Settings icon in the Web UI. Then select Users under Access Management.
Click on the LDAP Servers tab and click on “Add LDAP Server”.
You’ll be presented with the Add LDAP Server workflow window.
I messed this up a few times in my environment, but this is what worked for me.
Domain name: domainname.com.au
Base DN: dc=domainname,dc=com,dc=au
Bind DN or Username: [email protected]
Click Next to continue.
I pointed to one of the Active Directory servers in the environment. This went better when I added the domain name search to the cluster. The port I used was 389, but I’ve seen variations on that in various articles across the Internet.
If that works, you then have the option to enable MFA integration.
Toggling the button will give you the option to add two-step verification. There are some articles on the Internet that provide further guidance on that, and this video is quite useful too.
Once you’ve added your directory source, it’s time to assign roles to a user.
Click on Assign Roles, then drop down the directory you’d like to search in.
In this example, there’s the local user directory, and the domain source that I added previously.
If I search for people called Dan in this directory, it’s not too hard to find my username.
I can then assign a role to my directory username. By default, the configured roles are Administrator and ReadOnlyAdmin.
Now my AD account is listed under the users and I can login to CDM using my domain credentials.
And that’s it. If you want to read more about Rubrik and AD integration, including some neat automation, check out this article from Frederic Lhoest.