Symptoms
After configuring the LDAP server in SDNAS, the user might find that object lookups are not working and/or that they are receiving alerts related to connectivity. The user is unable to modify the NAS server LDAP configuration in the Unisphere for PowerMax v4 UI. Alerts like the following are most likely to be seen, indicating that the default LDAP schema configured for the NAS server client is incorrect:
User container "cn=Users,ou=unix,dc=client,dc=factset,dc=com" was not found. The error indicates a NameErr with problem 2001 (NO_OBJECT). The best match found was "OU=Unix,DC=client,DC=factset,DC=com". Group container "cn=Users,ou=unix,dc=client,dc=factset,dc=com" was not found. The error is similar to the previous one, indicating a NameErr with problem 2001 (NO_OBJECT). The best match found was "OU=Unix,DC=client,DC=factset,DC=com".
Customer Impact: Unable to look up or map LDAP users properly.
Cause
If the basic LDAP setup options are correct (server IP, bind DN, base DN, authentication), then it is likely that modifications are needed to the ldap.conf for the NAS server to properly query the LDAP servers. SDNAS allows this modification but, at the time this KB was created, it is not possible to update this configuration via the UI. This KB documents how to do it via the Univmax REST API.
Resolution
Workaround
Use the Univmax REST API, in this example via 'curl', to download, modify, and upload a proper LDAP configuration. In the following example, IP_ADDRESS is the Unisphere management address and SYMM_ID is the ID of the PowerMax system, which you can see at the top of the Unisphere UI. Also, use the correct administrative username and password for management.
1. First, after enabling LDAP on a NAS server, find the ID of the ldap_service you want to update:
$ curl -u smc:smc -ks -X GET https://IP_ADDRESS:8443/univmax/restapi/100/file/symmetrix/SYMM_ID/ldap_service
2. Download the current configuration file. Make sure to use the name 'ldap.conf'. Substitute the ID found above for LDAP_SERVICE_ID:
$ curl -u smc:smc -ks -X GET https://IP_ADDRESS:8443/univmax/restapi/100/file/symmetrix/SYMM_ID/ldap_service/LDAP_SERVICE_ID/download/config > ldap.conf
3. Modify the ldap.conf file as needed via a text editor.
4. Upload the 'ldap.conf' file back to the NAS server:
$ curl -u smc:smc -ks -X POST https://IP_ADDRESS:8443/univmax/restapi/100/file/symmetrix/SYMM_ID/ldap_service/LDAP_SERVICE_ID/upload/config --form 'config=@"ldap.conf"'
5. Verify it is there by deleting the current local 'ldap.conf' file and then redownloading it using the above command. Check to see that the changes made are present.
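Steps 2, 4 and 5 as a script, added here as an example and not part of the KB's own commands: it replaces -u and -k with curl's --netrc-file and --cacert so the password stays off the command line and the Unisphere certificate is verified. The netrc and CA file paths, the environment variable names and the function names are assumptions, and the step 5 check assumes the API returns the file exactly as uploaded.

```shell
#!/bin/sh
# Added example (not Dell code). IP_ADDRESS and SYMM_ID are the KB's placeholders.
# Assumed, not from the KB: credentials live in a netrc file and the Unisphere
# CA certificate is available locally, so -u user:pass and -k are not needed.
UNI_HOST="${UNI_HOST:-IP_ADDRESS}"
SYMM_ID="${SYMM_ID:-SYMM_ID}"
UNI_NETRC="${UNI_NETRC:-$HOME/.netrc-unisphere}"   # hypothetical path
UNI_CA="${UNI_CA:-./unisphere-ca.pem}"             # hypothetical path

# Base URL of the ldap_service collection used in steps 1-4.
base_url() {
  printf 'https://%s:8443/univmax/restapi/100/file/symmetrix/%s/ldap_service' \
    "$UNI_HOST" "$SYMM_ID"
}

# curl wrapper: verify the server certificate, keep the password off the
# command line, and fail on HTTP errors instead of saving an error body.
api() {
  curl --silent --show-error --fail \
    --netrc-file "$UNI_NETRC" --cacert "$UNI_CA" "$@"
}

# Step 2: download the config as ldap.conf and keep an untouched copy.
pull_config() {   # $1 = LDAP_SERVICE_ID
  api -X GET "$(base_url)/$1/download/config" -o ldap.conf || return 1
  cp ldap.conf ldap.conf.orig
}

# Steps 4-5: upload ldap.conf, then re-download to a temp file and compare.
push_config() {   # $1 = LDAP_SERVICE_ID
  [ -s ldap.conf ] || { echo "ldap.conf missing or empty" >&2; return 2; }
  api -X POST "$(base_url)/$1/upload/config" \
    --form 'config=@"ldap.conf"' >/dev/null || return 1
  check=$(mktemp) || return 2
  api -X GET "$(base_url)/$1/download/config" -o "$check" || { rm -f "$check"; return 1; }
  rc=0
  diff ldap.conf "$check" >&2 || rc=3   # any difference: the upload did not take
  rm -f "$check"
  return "$rc"
}

# Usage: <script> pull LDAP_SERVICE_ID   or   <script> push LDAP_SERVICE_ID
if [ "$#" -eq 2 ]; then
  case "$1" in pull) pull_config "$2" ;; push) push_config "$2" ;; esac
fi
```

Run it from the directory holding ldap.conf: pull, edit the file, then push. If the push fails, ldap.conf.orig is the copy to restore from.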
Resolution
The PowerMax Unisphere UI will be updated in a future release to allow this via the UI.