PowerFlex: LDAP users cannot log in to PFMP UI when part of the Protected Users group in AD
Summary: LDAP users are unable to authenticate to PFMP when their AD account is a member of the 'Protected Users' AD group.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
PFMP is configured for LDAP, and a user who is a member of an AD group added to PFMP is unable to authenticate when logging into the UI. The group and the impacted user are visible in the keycloak. The impacted user's AD account is in good standing, and the password credentials are valid.
Some users who are members of the same group may be able to log in to the UI without issue.
keycloak pod log (look at both keycloak-0 and keycloak-1):
2025-06-02 15:17:18,781 WARN [org.keycloak.events] (executor-thread-625) type=LOGIN_ERROR, realmId=9bfa2050-b67d-41b2-a6f9-20002994976c, clientId=compositeAdapter, userId=b1bbbe2f-a314-41d7-9e3b-68db0b162931, ipAddress=x.x.x.x, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://domain.com/pfblock/dashboard, code_id=73b87c39-8c2d-4b94-885d-61b429ba0381, username=testusernameImpact
Impacted users are unable to log in to the PFMP UI using LDAP.
Cause
The impacted user is a member of the 'Protected Users' AD group. This group membership impacts normal LDAP authentication and authorization when logging into the PFMP UI.
Resolution
|
Remove impacted users from the 'Protected Users' AD group. |
Affected Products
PowerFlex rack, ScaleIOArticle Properties
Article Number: 000342812
Article Type: Solution
Last Modified: 30 Jul 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.