When recursive search is enabled, how many levels deep will recursion go?
First, all groups which the user is directly a member of
will be retrieved. Then, for each of these groups, their ancestor
groups are traversed. The recursion continues until the top- level group is
Will the AD integration and Cisco UCS Manager support two-factor authentication using AD certificates?
No. Cisco UCS Manager only supports password-based authentication.
What are the known limitations of Cisco UCS Manager and AD integration? (For example, limits on AD traversal results, max groups searched, max AD objects, etc.)
Currently there are no known limitations to the size of an AD instance for plain user authentication, although the filter value
limits the search results to one or two. Cisco UCS Manager, versions 1.3(x) and earlier allowed
random filters, resulting in a large number of search results. In version 1.4(1), a
validation is in place that prevents this.
If a user belongs to large number of first-level groups, the retrieval of those groups is limited by the memory
available for the UCS Manager LDAP client. UCS Manager processes only those
groups that have been configured with roles and/or locales and discards
all other groups.
The maximum number of groups that the user can be member of is
32. This is consistent with the number of group-to-role mappings allowed in
What is the maximum AD structure that has been tested and qualified?
We have determined that user authentication is not dependent on AD size. We have tested the AD integration with users belonging to more than 120 groups, with each group name having 100 characters.