March 30th, 2016 23:00

Isilon problem with empty list users from LDAP server

Hello!

I have an Isilon simulator with OneFS 8.0.

I created an LDAP auth provider for Windows Server 2008 R2.

I go to Access - Membership and Roles, select the LDAP provider, and I don't see any users.

Wireshark shows that the LDAP server sent users to Isilon.

130 Posts

April 5th, 2016 05:00

Hello alex087,

The best place to look for issues on the cluster for this is the lsassd.log file that is in /var/log. Do you see any errors in this file?

11 Posts

April 5th, 2016 21:00

Hello!

There are a lot of errors in the lsassd.log file:

2016-04-06T09:39:10+05:00 <30.4> mycluster-1 lsass[2191]: [lsass] Error occured while enumerating objects in ldap server (test). Received error: 40150 (LW_ERROR_INVALID_ATTRIBUTE_VALUE)

130 Posts

April 7th, 2016 11:00

Hello,

Based on what I have been able to find, this is more than likely because your LDAP provider is missing (or has an extraneous) attribute. We recently started working on troubleshooting guides for our customers and community members! Have you had a chance to look at the one for LDAP?

http://www.emc.com/collateral/TechnicalDocument/docu63147.pdf

Should you not be able to solve your problem, there are steps in this guide to gather information for support. To create a service request, you have a few options:

1. Log in to your online account on support.emc.com and go to this page: https://support.emc.com/servicecenter/createSR

2. Engage an Isilon Support engineer directly through Live Chat Support: https://support.emc.com/servicecenter/liveChat/

3. Call in to EMC Isilon Support at 1-800-782-4362 (For a complete local country dial list, please see this document: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf)

Please let me know if there is anything else I can do for you!

11 Posts

April 7th, 2016 21:00

Hello!

Answer from LDAP Server:

LDAPMessage searchResEntry(4) "CN=alex,CN=Users,DC=test,DC=local" [8 results]

    messageID: 4

    protocolOp: searchResEntry (4)

        searchResEntry

            objectName: CN=alex,CN=Users,DC=test,DC=local

            attributes: 3 items

                PartialAttributeList item sAMAccountName

                    type: sAMAccountName

                    vals: 1 item

                        AttributeValue: alex

                PartialAttributeList item uid

                    type: uid

                    vals: 1 item

                        AttributeValue: 123

                PartialAttributeList item mail

                    type: mail

                    vals: 1 item

                        AttributeValue: alex@test.local

    [Response To: 15]

    [Time: 0.086940000 seconds]

I have not found a solution to my problem in docu63147.pdf.

I don't have a support contract for Isilon (

1.2K Posts

April 8th, 2016 03:00

Could you verify the "required user attributes" as shown in Appendix D of the troubleshooting guide?

Your LDAP attributes mappings look "interesting", how did you arrive at these settings? And, probably most important, do you have SFU = Windows services for UNIX installed and configured on your 2008 server?

Cheers

-- Peter

11 Posts

April 11th, 2016 00:00

Hello!

A standard Windows user does not have UID, GID, Home Directory, Shell attributes.

"Your LDAP attributes mappings look "interesting", how did you arrive at these settings?"

Experimental way.

I installed Windows services for UNIX.

11 Posts

April 11th, 2016 00:00

After installing Windows Services for UNIX:

searchResEntry

    objectName: CN=alex,CN=Users,DC=test,DC=local

    attributes: 5 items

        PartialAttributeList item uid

            type: uid

            vals: 1 item

                AttributeValue: alex

        PartialAttributeList item mail

            type: mail

            vals: 1 item

                AttributeValue: alex@test.local

        PartialAttributeList item uidNumber

            type: uidNumber

            vals: 1 item

                AttributeValue: 10000

        PartialAttributeList item gidNumber

            type: gidNumber

            vals: 1 item

                AttributeValue: 1212

        PartialAttributeList item loginShell

            type: loginShell

            vals: 1 item

                AttributeValue: /bin/sh

April 11th, 2016 15:00

What does your query look like for a user object, group object, etc.?

1.2K Posts

April 11th, 2016 19:00

Looks reasonable now -- does it work for you?

11 Posts

April 11th, 2016 20:00

It does not work.

5 Posts

December 2nd, 2022 02:00

Hello,

I had the same issue. You have to add values to the needed attributes. Then it works.
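A way to check a capture like the ones posted above for missing or empty attributes, as an added example that is not from any poster in this thread or from the Isilon documentation. It assumes the required set is the four attributes named in the thread (UID, GID, home directory, shell) under their RFC 2307 names; the function and variable names are illustrative.

```python
# Assumption: required set = the four attributes the thread names (UID, GID,
# home directory, shell) under their RFC 2307 names; the authoritative list
# is Appendix D of the troubleshooting guide, which the thread does not quote.
REQUIRED = ("uidNumber", "gidNumber", "homeDirectory", "loginShell")

def parse_entries(dissection):
    """Turn Wireshark LDAP dissection text into {dn: {attribute: [values]}}."""
    entries, dn, attr = {}, None, None
    for raw in dissection.splitlines():
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if key == "objectName":            # start of a new searchResEntry
            dn, attr = value, None
            entries[dn] = {}
        elif dn is not None and key == "type":
            attr = value
            entries[dn].setdefault(attr, [])
        elif attr is not None and key == "AttributeValue":
            entries[dn][attr].append(value)
    return entries

def missing_required(entries, required=REQUIRED):
    """Map each DN to the required attributes that are absent or have no value."""
    report = {}
    for dn, attrs in entries.items():
        # LDAP attribute names are case-insensitive
        have = {name.lower(): vals for name, vals in attrs.items()}
        report[dn] = [r for r in required
                      if not any(v for v in have.get(r.lower(), []))]
    return report

# Constructed sample: the second capture from the thread, condensed to the
# lines the parser reads.
AFTER_SFU = """\
objectName: CN=alex,CN=Users,DC=test,DC=local
type: uid
AttributeValue: alex
type: mail
AttributeValue: alex@test.local
type: uidNumber
AttributeValue: 10000
type: gidNumber
AttributeValue: 1212
type: loginShell
AttributeValue: /bin/sh
"""

if __name__ == "__main__":
    print(missing_required(parse_entries(AFTER_SFU)))
```

A capture only contains the attributes the search asked for, so an attribute reported here may exist in the directory without being requested or mapped by the provider.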

 
