VxBlock: UCSM Making configuration changes to LDAP configuration

Résumé: This document outlines how to successfully change an existing LDAP configuration in UCSM. There is an order of operations when modifying existing LDAP configurations which, if not performed, can cause any new modifications to fail. ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Instructions

Goals

This document will outline how to successfully modify an existing LDAP configuration in UCSM.

Facts

To modify an existing LDAP configuration in UCSM, and it is failing to authenticate (or you are unable to find the LDAP server), it may be because you have tried to make changes without first disabling the Authentication Domain Realm under the Admin tab in UCSM. This can be observed from the CLI of the Fabric Interconnects when running the test aaa server command. If, when running this command, (and you are confident that your configuration is correct) you receive the error message "cannot find the LDAP server," (as per the example below) it may be because the FSM cannot complete the task. 
CKVB340-B(nxos)# test aaa server ldap FQDN.OF.SERVER username password
can not find the LDAP server
CKVB340-B(nxos)#
 
You can check the FSM status from the command line of the Fabric Interconnect by using the following commands from the CLI of the fabric Interconnect: 
# scope security
# scope ldap
# show fsm status
 
The following example shows the expected output. (In this example, the current task is at 53%. If you notice that this task does not complete, it could be an indication that you have not disabled the Authentication Domain Realm before making changes). 
CKVB340-B# scope security
scope ldapCKVB340-B /security # scope ldap
CKVB340-B /security/ldap # sh fsm status
    FSM 1:
        Status: Update Ep Fail
        Previous Status: Update Ep Fail
        Timestamp: 2016-04-16T07:51:30.485
        Try: 20
        Progress (%): 53
        Current Task: external aaa server configuration to secondary(FSM-STAGE:s
am:dme:AaaEpUpdateEp:SetEpPeer)
CKVB340-B /security/ldap #
 
Solution

If you want to change an LDAP configuration, you first must change the realm to LOCAL and then save the changes.
In the screenshot below, the Authentication Domain realm is currently set to LDAP.
Authentication Domain



Change the Realm to 'Local' and click Save Changes (as per the following example).
Realm is set to Local

Once you have made this change, you could modify your LDAP configuration for this Authentication Domain. When finished, reverse the process, and change the Authentication Domain Realm back to LDAP. Do not forget to click Save Changes.

Produits concernés

VxBlock and vBlock Systems Series

Produits

VxBlock and Vblock Systems
Propriétés de l’article
Numéro d’article: 000205429
Type d’article: How To
Dernière modification: 19 nov. 2025
Version:  3
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.