EcoStruxure with OktaLDAP

username-required · ‎2024-08-27

I am looking for parameters to setup Okta-LADP with EcoStruxure. I know OAuth Okta is not supported but I was hoping to setup with LDAP. Has anyone had success setting this up?

Cory_McDonald · ‎2024-08-29

Hello @username-required,

For Data Center Expert, all testing and integration is done using OpenLDAP specifically. That doesn't mean that some other LDAP authentication setup may not work, but it would be unsupported by technical support if an issue were to arise.

For EcoStruxure IT Expert there are only two methods of authentication supported today which would be authenticating with the application (default) or by setting up SAML SSO. Details on setting up SAML SSO can be found within the Help Center: https://community.se.com/t5/Single-Sign-On-SSO/tkb-p/single-sign-on Authenticating using LDAP is not currently supported.

If you provide additional details on your setup, specifically which EcoStruxure IT software you are trying to integrate with, others in the community may be able to provide additional feedback to you.

Kind Regards,

Cory

username-required · ‎2024-09-03

I miss-spoke. Okta does use OpenLDAP. no matter what settings I use in OpenLDAP i get an configuration error message. I've copied setting from a different OpenLDAP enabled device which works perfect, using the same base DN and other settings. When I change the port/IP of the ldap server it fails so I know at the very least it is contacting the OpenLDAP okta server

but nothing seems to work.

username-required · ‎2024-09-03

I miss-spoke, I am using Okta's OpenLDAP service. which I have used with other devices using OpenLDAP. I have confirmed via logs that the DCE Client is able to connect to the OpenLDAP service within Okta. but each time I attempt to go past the attached page it fails telling me to check setting.

It has to be either my bind User DN or Search base is wrong, but these according to doc and other services using the same connection string, should be correct.

Cory_McDonald · ‎2024-09-05

Hello @username-required,

I don't have direct experience with LDAP, but I can provide a few things to check and try:

Check the NBC log that is located in the top-right of the web interface of Data Center Expert. You may see log files similar to the following or sometimes in more specific errors to help troubleshoot the connection
Try changing the UID in the Bind User DN field to CN=oktaldap,.... (I'm assuming that this is a confirmed username that can log in via other systems as well). I haven't seen a UID be used, but I have seen a CN be used for defining the BINDs.
If you are using SSL you will need to add the SSL certificate of the OpenLDAP server within DCE under System menu > Server Administration Settings > Server SSL Certificates.

Regards,

Cory