PowerStore: Specific LDAP user(s) unable to login to PowerStore GUi with general authentication error from GUI and "No unique from logs"
Summary: PowerStore: Specific LDAP user(s) unable to login to PowerStore GUI with general authentication error from GUI and "Not unique" from logs
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Some users are able to login while other users are unable to login.
Customer has more than one account in the main domain and/or subdomain. Example:
search path example:
LDAP error found in the the logs:
Customer has more than one account in the main domain and/or subdomain. Example:
Joe Doe is part of main domain example.com
Joe Doe is also part of subdomain sub.example.com (this is a subdomain of example.com)
User search path is configured to global domain search the domain and attribute is sAMAccountName.
search path example:
dc=example,dc=com
LDAP authentication failed: LDAP account search for [user account]com error:Ldap Search Error: Not Unique
Cause
The issue is caused by the AD configuration where the user(s) is found twice in either the main domain or subdomain when the search attribute is sAMAccountName.
Resolution
It is recommended to specify the search path for user and group to a specific organization unit (OU) or directory rather than a global search. If the LDAP environment does not support this because users are located in different OU, changing the attribute ID from sAMAccountName to userPrincipalName from LDAP advance setting will solve this issue.
NOTE: User will need to login using full qualify domain name (FQDN) Joe_Doe@example.com.
How to change Attribute ID for LDAP user search path before 3.5 code
1. Login to PowerStore GUI
2. Click on setting on top right
3. On the left panel scroll down until you find directory service
4. Click on edit LDAP configuration
5. On the corner left you will see advance settings, click on the blue link
6. Find attribute ID below search path. by default the value is sAMAccountName
7. Change the value to userPrincipalName
8. Verify connection and re-attempt
How to change Attribute ID for LDAP user search path on 3.5 code or later
1. Login to PowerStore GUI
2. Click on setting on top right
3. On the left panel scroll down until you find authentication under security
4. Click on edit LDAP configuration
5. On the corner left you will see advance settings, click on the blue link
6. Find attribute ID below search path. by default the value is sAMAccountName
7. Change the value to userPrincipalName
8. Verify connection and re-attempt
NOTE: User will need to login using full qualify domain name (FQDN) Joe_Doe@example.com.
How to change Attribute ID for LDAP user search path before 3.5 code
1. Login to PowerStore GUI
2. Click on setting on top right
3. On the left panel scroll down until you find directory service
4. Click on edit LDAP configuration
5. On the corner left you will see advance settings, click on the blue link
6. Find attribute ID below search path. by default the value is sAMAccountName
7. Change the value to userPrincipalName
8. Verify connection and re-attempt
How to change Attribute ID for LDAP user search path on 3.5 code or later
1. Login to PowerStore GUI
2. Click on setting on top right
3. On the left panel scroll down until you find authentication under security
4. Click on edit LDAP configuration
5. On the corner left you will see advance settings, click on the blue link
6. Find attribute ID below search path. by default the value is sAMAccountName
7. Change the value to userPrincipalName
8. Verify connection and re-attempt
Affected Products
Entry Level & Midrange, PowerStore, PowerStore 1000X, PowerStore 1000T, PowerStore 1200T, PowerStore 3000X, PowerStore 3000T, PowerStore 3200T, PowerStore 5000X, PowerStore 5000TProducts
Storage, PowerStore 500T, PowerStore 5200T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000T, PowerStore 9200T, PowerStoreOSArticle Properties
Article Number: 000215510
Article Type: Solution
Last Modified: 29 Sept 2023
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.