iDRAC 7 and LDAP with password+totp pin login not working due to duplicate binding as user

Hi, we're trying to implement 2FA authentication for our LDAP for our critical infrastructure, including out-of-band management, but we hit a roadblock with iDRAC where it doesn't work as it's trying to reuse the same credentials multiple times (first for login, then for the LDAP BIND, even when dedicated Bind DN credentials are specified).

Is there a way to make it work without credential reuse, or to make the second bind not use the credentials of the authenticating user (for example, by specifying a search filter)?

LDAP Server we use is FreeIPA with Yubikey OTP.

Things tried:

  • iDRAC firmware is up to date
  • Tried soft and hard restart of the iDRAC
  • LDAP with just password login and no TOTP PIN works

Here's how the Generic LDAP Configuration and Management is set up, with sensitive information replaced with placeholders:

Enable Generic LDAP: Yes
Use Distinguished Name to Search Group Membership: No
LDAP Server:
LDAP Server Port: 636 (LDAPS)
Bind DN: uid=binduser,cn=sysaccounts,cn=etc,dc=domain,dc=example,dc=com
Update Bind Password: yes
Bind Password:
Base DN to Search: cn=compat,dc=domain,dc=example,dc=com
Attribute of User Login: uid
Attribute of Group Membership: memberUid
Search Filter:


Log from testing the LDAP connection, with sensitive information replaced with placeholders:

16:34:47  Initiating Directory Services Settings Diagnostics:
16:34:47  trying LDAP server
16:34:47  Server Address resolved to
16:34:47  connect to passed
16:34:47  Connecting to ldaps://[]:636...
16:34:47  Test user authenticated user=uid=ldap_bind,cn=sysaccounts,cn=etc,dc=domain,dc=example,dc=com
16:34:47  Search command:
   Bind DN: uid=ldap_bind,cn=sysaccounts,cn=etc,dc=domain,dc=example,dc=com
   Scope: subtree
   Base DN: cn=compat,dc=domain,dc=example,dc=com
   Search filter: (
   Attribute list:
16:34:47  Connecting to ldaps://[]:636...
16:34:47  Test user authenticated,cn=users,cn=compat,dc=domain,dc=example,dc=com
###Here's where credentials are reused with the token that's invalid as it was already used for previous login
16:34:47  Connecting to ldaps://[]:636...
16:34:48  ERROR: bind failed: Invalid credentials, (null):,cn=users,cn=compat,dc=domain,dc=example,dc=com

Is there a way to make this work?

Thank you 
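To make the failure in the log above concrete, here is an added example (not code from the post, from iDRAC or from FreeIPA): a toy directory where an OTP user's password+code is accepted for one bind only, used to compare the log's sequence (bind as the user for login, then bind as the same user again for the group search) with a flow that runs the group search under the dedicated Bind DN. The DNs, passwords and the code 123456 are constructed values.

```python
import hashlib
import hmac


class ToyDirectory:
    """Constructed stand-in for an OTP-enabled LDAP server (not FreeIPA itself): an OTP user
    binds with password + 6-digit code concatenated, and each code is accepted only once."""

    def __init__(self):
        self.users = {}        # dn -> password hash (unsalted here only for brevity)
        self.otp_codes = {}    # dn -> codes the user's token would currently produce
        self.consumed = set()  # (dn, code) pairs already spent by a successful bind

    def add_user(self, dn, password, otp_codes=()):
        self.users[dn] = hashlib.sha256(password.encode()).digest()
        self.otp_codes[dn] = set(otp_codes)

    def bind(self, dn, credential):
        """LDAP simple bind: True on success, False on 'Invalid credentials'."""
        if dn not in self.users:
            return False
        password, code = credential, None
        if self.otp_codes[dn]:
            password, code = credential[:-6], credential[-6:]
            if code not in self.otp_codes[dn] or (dn, code) in self.consumed:
                return False  # unknown code, or a replay of one already spent
        if not hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self.users[dn]):
            return False
        if code is not None:
            self.consumed.add((dn, code))  # this successful bind spends the code
        return True


# Constructed DNs and secrets for the demonstration.
USER_DN = "uid=alice,cn=users,cn=compat,dc=domain,dc=example,dc=com"
BIND_DN = "uid=binduser,cn=sysaccounts,cn=etc,dc=domain,dc=example,dc=com"
BIND_PW = "bind-secret"

def build_directory():
    d = ToyDirectory()
    d.add_user(USER_DN, "correct-horse", otp_codes={"123456"})
    d.add_user(BIND_DN, BIND_PW)
    return d

def login_rebinding_as_user(d, cred):
    """The log's sequence: bind as the user to log in, then bind as the user again for the search."""
    return d.bind(USER_DN, cred), d.bind(USER_DN, cred)

def login_searching_as_service_account(d, cred):
    """Bind once as the user; run the group search under the dedicated Bind DN."""
    return d.bind(USER_DN, cred), d.bind(BIND_DN, BIND_PW)
```

The second tuple element is the bind that performs the group search: with the user's password+code reused it fails exactly like the `bind failed: Invalid credentials` line in the log, while the service-account bind succeeds because the user's code was spent only once.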

With this question I would suggest calling in to support and working with software support high complexity group, as it is likely going to take access to the systems.



Chris Hawk
Social Media and Communities Professional
Dell Technologies | Enterprise Support Services

