VxBlock: UCSM Making configuration changes to LDAP configuration

Summary: This document outlines how to successfully change an existing LDAP configuration in UCSM. There is an order of operations when modifying existing LDAP configurations which, if not performed, can cause any new modifications to fail. ...

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Instructions

Goals

This document will outline how to successfully modify an existing LDAP configuration in UCSM.

Facts

To modify an existing LDAP configuration in UCSM, and it is failing to authenticate (or you are unable to find the LDAP server), it may be because you have tried to make changes without first disabling the Authentication Domain Realm under the Admin tab in UCSM. This can be observed from the CLI of the Fabric Interconnects when running the test aaa server command. If, when running this command, (and you are confident that your configuration is correct) you receive the error message "cannot find the LDAP server," (as per the example below) it may be because the FSM cannot complete the task. 
CKVB340-B(nxos)# test aaa server ldap FQDN.OF.SERVER username password
can not find the LDAP server
CKVB340-B(nxos)#
 
You can check the FSM status from the command line of the Fabric Interconnect by using the following commands from the CLI of the fabric Interconnect: 
# scope security
# scope ldap
# show fsm status
 
The following example shows the expected output. (In this example, the current task is at 53%. If you notice that this task does not complete, it could be an indication that you have not disabled the Authentication Domain Realm before making changes). 
CKVB340-B# scope security
scope ldapCKVB340-B /security # scope ldap
CKVB340-B /security/ldap # sh fsm status
    FSM 1:
        Status: Update Ep Fail
        Previous Status: Update Ep Fail
        Timestamp: 2016-04-16T07:51:30.485
        Try: 20
        Progress (%): 53
        Current Task: external aaa server configuration to secondary(FSM-STAGE:s
am:dme:AaaEpUpdateEp:SetEpPeer)
CKVB340-B /security/ldap #
 
Solution

If you want to change an LDAP configuration, you first must change the realm to LOCAL and then save the changes.
In the screenshot below, the Authentication Domain realm is currently set to LDAP.
Authentication Domain



Change the Realm to 'Local' and click Save Changes (as per the following example).
Realm is set to Local

Once you have made this change, you could modify your LDAP configuration for this Authentication Domain. When finished, reverse the process, and change the Authentication Domain Realm back to LDAP. Do not forget to click Save Changes.

Produse afectate

VxBlock and vBlock Systems Series

Produse

VxBlock and Vblock Systems
Proprietăți articol
Article Number: 000205429
Article Type: How To
Ultima modificare: 19 nov. 2025
Version:  3
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.