VxBlock: UCSM Making configuration changes to LDAP configuration
Summary: This document outlines how to successfully change an existing LDAP configuration in UCSM. There is an order of operations when modifying existing LDAP configurations which, if not performed, can cause any new modifications to fail. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Goals
This document will outline how to successfully modify an existing LDAP configuration in UCSM.
Facts
To modify an existing LDAP configuration in UCSM, and it is failing to authenticate (or you are unable to find the LDAP server), it may be because you have tried to make changes without first disabling the Authentication Domain Realm under the Admin tab in UCSM. This can be observed from the CLI of the Fabric Interconnects when running the test aaa server command. If, when running this command, (and you are confident that your configuration is correct) you receive the error message "cannot find the LDAP server," (as per the example below) it may be because the FSM cannot complete the task.
If you want to change an LDAP configuration, you first must change the realm to LOCAL and then save the changes.
In the screenshot below, the Authentication Domain realm is currently set to LDAP.
Change the Realm to 'Local' and click Save Changes (as per the following example).
Once you have made this change, you could modify your LDAP configuration for this Authentication Domain. When finished, reverse the process, and change the Authentication Domain Realm back to LDAP. Do not forget to click Save Changes.
This document will outline how to successfully modify an existing LDAP configuration in UCSM.
Facts
To modify an existing LDAP configuration in UCSM, and it is failing to authenticate (or you are unable to find the LDAP server), it may be because you have tried to make changes without first disabling the Authentication Domain Realm under the Admin tab in UCSM. This can be observed from the CLI of the Fabric Interconnects when running the test aaa server command. If, when running this command, (and you are confident that your configuration is correct) you receive the error message "cannot find the LDAP server," (as per the example below) it may be because the FSM cannot complete the task.
CKVB340-B(nxos)# test aaa server ldap FQDN.OF.SERVER username password can not find the LDAP server CKVB340-B(nxos)#
You can check the FSM status from the command line of the Fabric Interconnect by using the following commands from the CLI of the fabric Interconnect:
# scope security # scope ldap # show fsm status
The following example shows the expected output. (In this example, the current task is at 53%. If you notice that this task does not complete, it could be an indication that you have not disabled the Authentication Domain Realm before making changes).
CKVB340-B# scope security scope ldapCKVB340-B /security # scope ldap CKVB340-B /security/ldap # sh fsm status FSM 1: Status: Update Ep Fail Previous Status: Update Ep Fail Timestamp: 2016-04-16T07:51:30.485 Try: 20 Progress (%): 53 Current Task: external aaa server configuration to secondary(FSM-STAGE:s am:dme:AaaEpUpdateEp:SetEpPeer) CKVB340-B /security/ldap #
Solution
If you want to change an LDAP configuration, you first must change the realm to LOCAL and then save the changes.
In the screenshot below, the Authentication Domain realm is currently set to LDAP.
Change the Realm to 'Local' and click Save Changes (as per the following example).
Once you have made this change, you could modify your LDAP configuration for this Authentication Domain. When finished, reverse the process, and change the Authentication Domain Realm back to LDAP. Do not forget to click Save Changes.
Affected Products
VxBlock and vBlock Systems SeriesProducts
VxBlock and Vblock SystemsArticle Properties
Article Number: 000205429
Article Type: How To
Last Modified: 19 Nov 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.