When recursive search is enabled, how many levels deep will recursion go?
A.
First, all groups which the user is directly a member of will be retrieved. Then, for each of these groups, their ancestor groups are traversed. The recursion continues until the top-level group is reached.
Q.
Will the AD integration and Cisco UCS Manager support two-factor authentication using AD certificates?
A.
No. Cisco UCS Manager only supports password-based authentication.
Q.
What are the known limitations of Cisco UCS Manager and AD integration? (For example, limits on AD traversal results, max groups searched, max AD objects, etc.)
A.
Currently there are no known limitations to the size of an AD instance for plain user authentication, although the filter value limits the search results to one or two. Cisco UCS Manager versions 1.3(x) and earlier allowed random filters, resulting in a large number of search results. In version 1.4(1), a validation is in place that prevents this.
If a user belongs to a large number of first-level groups, the retrieval of those groups is limited by the memory available for the UCS Manager LDAP client. UCS Manager processes only those groups that have been configured with roles and/or locales and discards all other groups.
The maximum number of groups that the user can be a member of is 32. This is consistent with the number of group-to-role mappings allowed in UCS Manager.
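The following added example (not Cisco code, and not how UCS Manager is implemented internally) models the recursive group search and the "only groups configured with roles are processed" behavior described in the answers above, so an administrator can audit which roles a user picks up purely through nested AD groups. The group DNs, role names, and the visited-set guard against circular nesting are assumptions made for the illustration.

```python
from collections import deque

# Constructed sample data: each group's memberOf values (its parent groups).
GROUP_PARENTS = {
    "CN=net-ops,DC=example,DC=com": ["CN=dc-ops,DC=example,DC=com"],
    "CN=dc-ops,DC=example,DC=com": ["CN=ucs-admins,DC=example,DC=com"],
    "CN=ucs-admins,DC=example,DC=com": ["CN=net-ops,DC=example,DC=com"],  # nesting loop
    "CN=helpdesk,DC=example,DC=com": [],
}
# Constructed group-to-role map, standing in for the mappings configured in UCS Manager.
GROUP_ROLES = {
    "CN=ucs-admins,DC=example,DC=com": {"admin"},
    "CN=helpdesk,DC=example,DC=com": {"read-only"},
}
# Constructed first-level (direct) memberships of one user.
USER_GROUPS = ["CN=net-ops,DC=example,DC=com", "CN=helpdesk,DC=example,DC=com"]


def resolve_groups(direct_groups, parents):
    """Return {group DN: nesting depth} for the direct groups and all ancestors."""
    depth = {}
    queue = deque((dn, 0) for dn in direct_groups)
    while queue:
        dn, level = queue.popleft()
        if dn in depth:  # already visited: terminates on circular nesting
            continue
        depth[dn] = level
        # A group with no parents is a top-level group; recursion stops there.
        queue.extend((parent, level + 1) for parent in parents.get(dn, []))
    return depth


def effective_roles(direct_groups, parents, group_roles):
    """Map each granted role to the (group, depth) pairs that grant it."""
    granted = {}
    for dn, level in resolve_groups(direct_groups, parents).items():
        for role in group_roles.get(dn, ()):  # unmapped groups are discarded
            granted.setdefault(role, []).append((dn, level))
    return granted


def roles_only_via_nesting(direct_groups, parents, group_roles):
    """Roles held solely through indirect membership: review these first."""
    roles = effective_roles(direct_groups, parents, group_roles)
    return sorted(r for r, src in roles.items() if all(lvl > 0 for _, lvl in src))
```

In the sample data the user is never added to `ucs-admins` directly, yet receives `admin` two levels up the nesting chain, which is the kind of inherited privilege worth reviewing before enabling recursive search.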
Q.
What is the maximum AD structure that has been tested and qualified?
A.
We have determined that user authentication is not dependent on AD size. We have tested the AD integration with users belonging to more than 120 groups, with each group name having 100 characters.