VPLEX CLI directory service configuration fails

Environment:

EMC Hardware: VPLEX Series

EMC Hardware: VS1

EMC Hardware: VS2

EMC Hardware: VPLEX-Local

EMC Hardware: VPLEX-Metro

EMC Hardware: VPLEX-Geo

EMC Software: GeoSynchrony X.X

 

Description:

VPLEX CLI directory service configuration fails.

Post directory service configuration, LDAP/AD server users are not able to login to VPLEX management server.

 

Directory service configuration fails on LDAP/AD server in one of the following conditions:

  • userSearchPath provided is a Container or a Base DN. In the below example, "CN=Users" is a container. When userSearchPath and the -r option is set with containers path (-r " CN=Users,DC=vplex,DC=local"), the command fails as shown below.
  • Bind DN, map-user, or map-group has special/complex character and/or space in it. In the below example, there is a space in the mapped user "CN=Test User1".
  • Bind password has special characters in it. The configuration command doesn't throw any error. But, directory-service (LDAP/AD configuration) would not be configured. Please note that Bind password is not visible to the user. If bind password has $ or ! or ' (single quote) or " (double quote) in it, this issue is seen.
  • The directory server (LDAP/AD) is not configured for SSL and the customer tries to configure directory-service using VPLEX CLI command using connection type of "LDAP" ("-t" option is not specified or is set to "1").

 

LDAP/Active Directory users not able to login to VPLEX Management Server.

The UNIX attributes mapped in the directory-service configuration VPLEX CLI command do not match the LDAP server (case sensitive). For example, note that the UNIX attribute mapping in the example below are not case sensitive and does not match the case of the directory server (LDAP/AD). The homeDirectory attribute mapping name should be 'unixHomeDirectory' and not 'unixhomedirectory'.

 

Resolution:

VPlex Engineering have developed a standalone tool that can be deployed on affected VPlex systems. The tool "VPLEXDirectoryServiceConfiguration.bin" can be used to configure directory service in the specified environment. For a detailed step by step resolution please refer to EMC Support Solution 463402. https://support.emc.com/kb/457709