Symptoms

Log in to PowerStore Manager fails for OpenLDAP users that inherit access permissions from a user group on PowerStoreOS version 4.1. Log in is allowed if access is added to the specific OpenLDAP user. Verify the current Authentication configuration in the PowerStore Manager settings: Settings, Security, Authentication -> Edit LDAP Configuration Verify Server Type is OpenLDAPAdvanced Settings, Group Search Settings - Member Attribute is set to memberUid Settings, Security, Users - LDAP The assigned Permission Type is a Group permission After an unsuccessful login attempt with the openLDAP user, verify Audit logs: Settings, Security, Audit Logs Filter User to the openLDAP user that tried to log in (user@domain.com)Verify that password authentication was successful, but Authorization failed: User "user@domain.com" logged in successfully using password authenticationAuthorization failed for the user account: user@domain.com, while requesting....

Cause

The user is able to authenticate with the openLDAP server, but PowerStore is unable to get the user group memberships.

Resolution

There are two possible workarounds available: Assign user-based access permissions on the PowerStore, in Settings, Security, Users - LDAPChange the member Attribute in openLDAP and the PowerStore LDAP settings to uniqueMember instead of memberUid. This setting has to be changed in both PowerStore, Settings, Security, Authentication -> Edit LDAP Configuration Advanced Settings, Group Search Settings, Member AttributeThe openLDAP server, in the respective user group settings This issue will be fixed in a future release of PowerStoreOS

Support Cases