Unsolved
This post is more than 5 years old
11 Posts
0
5993
Isilon problem with empty list users from LDAP server
Hello!
I have Isilon simulator with OneFS 8.0
I created auth provider LDAP for Windows Server 2008 R2.
I go to Access - Membership and Roles, select LDAP provider and I don't see any users.
Wireshark show that LDAP server sent users to Isilon.
johnsonka
130 Posts
0
April 5th, 2016 05:00
Hello alex087,
The best place to look for issues on the cluster for this is the lsassd.log file that is in /var/log. Do you see any errors in this file?
alex087
11 Posts
0
April 5th, 2016 21:00
Hello!
In the lsassd.log file a lot of errors:
2016-04-06T09:39:10+05:00 <30.4> mycluster-1 lsass[2191]: [lsass] Error occured while enumerating objects in ldap server (test). Received error: 40150 (LW_ERROR_INVALID_ATTRIBUTE_VALUE)
johnsonka
130 Posts
0
April 7th, 2016 11:00
Hello,
Based on what I have been able to find, this is more than likely because your LDAP provider is missing (or has an extraneous) attribute. We recently started working on troubleshooting guides for our customers and community members! Have you had a chance to look at the one for LDAP?
http://www.emc.com/collateral/TechnicalDocument/docu63147.pdf
Should you not be able to solve your problem, there are steps in this guide to gather information for support. To create a service request, you have a few options:
1. Log in to your online account on support.emc.com and go to this page: https://support.emc.com/servicecenter/createSR
2. Engage an Isilon Support engineer directly through Live Chat Support: https://support.emc.com/servicecenter/liveChat/
3. Call in to EMC Isilon Support at 1-800-782-4362 (For a complete local country dial list, please see this document: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf
Please let me know if there is anything else I can do for you!
alex087
11 Posts
0
April 7th, 2016 21:00
Hello!
Answer from LDAP Server:
LDAPMessage searchResEntry(4) "CN=alex,CN=Users,DC=test,DC=local" [8 results]
messageID: 4
protocolOp: searchResEntry (4)
searchResEntry
objectName: CN=alex,CN=Users,DC=test,DC=local
attributes: 3 items
PartialAttributeList item sAMAccountName
type: sAMAccountName
vals: 1 item
AttributeValue: alex
PartialAttributeList item uid
type: uid
vals: 1 item
AttributeValue: 123
PartialAttributeList item mail
type: mail
vals: 1 item
AttributeValue: alex@test.local
[Response To: 15]
[Time: 0.086940000 seconds]
I have not found a solution my problem in docu63147.pdf.
I don't have contract for support Isilon (
Peter_Sero
1.2K Posts
0
April 8th, 2016 03:00
Could you verify the "required user attributes" as shown in Appendix D of the troubleshooting guide?
Your LDAP attributes mappings look "interesting", how did you arrive at these settings? And, probably most important, do you have SFU = Windows services for UNIX installed and configured on your 2008 server?
Cheers
-- Peter
alex087
11 Posts
0
April 11th, 2016 00:00
Hello!
Standard windows user not have UID, GID, Home Directory, Shell attributes.
"Your LDAP attributes mappings look "interesting", how did you arrive at these settings?"
Experimental way.
I installed Windows services for UNIX.
alex087
11 Posts
0
April 11th, 2016 00:00
After installed Windows services for UNIX:
searchResEntry
objectName: CN=alex,CN=Users,DC=test,DC=local
attributes: 5 items
PartialAttributeList item uid
type: uid
vals: 1 item
AttributeValue: alex
PartialAttributeList item mail
type: mail
vals: 1 item
AttributeValue: alex@test.local
PartialAttributeList item uidNumber
type: uidNumber
vals: 1 item
AttributeValue: 10000
PartialAttributeList item gidNumber
type: gidNumber
vals: 1 item
AttributeValue: 1212
PartialAttributeList item loginShell
type: loginShell
vals: 1 item
AttributeValue: /bin/sh
puppyjohn83
2 Posts
0
April 11th, 2016 15:00
What does your query look like for a user object, group object, etc.
Peter_Sero
1.2K Posts
0
April 11th, 2016 19:00
Looks reasonable now -- does it work for you?
alex087
11 Posts
0
April 11th, 2016 20:00
It is not work.
gdecke
5 Posts
0
December 2nd, 2022 02:00
Hello,
i had the same issue. You have to add values to the need attributes. Than it is working.