The array allows you to use either Microsoft Active Directory or Lightweight Directory Access Protocol (LDAP) to provide external authentication server support for managing and authenticating users and groups. When a user logs in to an array, the service authenticates the user based on information in a centralized domain and assigns the appropriate array role to the user. This role specifies which tasks the user can perform.

Using an external authentication server provides:

  • Simplified administration. All the users and their permissions are stored in a single location. You can manage the users and set security policies, such as password strength and expiration time, from one location.
  • Enhanced security. When you change user settings, you do it in one place, not on multiple arrays. For example, if you delete a user, you perform this action in one place.

Active Directory and LDAP can share a centralized domain that stores information about authorized users, groups, and hardware objects when you select the schema AD during setup.

NOTE: If you configure LDAP using the schema OpenLDAP, there is no connection between Active Directory and LDAP.

The array requires that you only run one service at a time. While you cannot run both Active Directory and LDAP simultaneously, you can easily switch between the services.

IMPORTANT: To switch from Active Directory to LDAP, use the GUI Leave Domain option or the CLI userauth --leave command option. To switch from LDAP, use the GUI Disconnect option or the CLI userauth --delete option. These options remove the current service and its domain authentication. As a result, users who are logged in to the array using that service will no longer be able to perform tasks on the array. Any new operations will result in an error. If the users are not part of the domain you are switching to, they may not be able to log in. Local account access is permitted even if the array has stopped running an external server authentication process.
