ECS: Comma separated values in domain attributes for S3 key self service is not working


   Article Number:     534896                                   Article Version: 2     Article Type:    Break Fix 




ECS Appliance,Elastic Cloud Storage





Customer is trying to simplify user management by allowing login (and ultimately S3 self service key creation) to using the AD attribute "sAMAccountName".   
    This will be configured at namespace level (Manage > Namespace)   
    Once two comma separated values are configured, the key self service is failing with below shown errors.   
    If they are used separately (only one value configured), each of them is working.   
    User-added image   
    The first login is when there is only one entry (a Token is created):   

[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 200 OKDate: Fri, 17 May 2019 07:57:29 GMTContent-Type: application/xmlContent-Length: 0Connection: keep-aliveX-SDS-AUTH-TOKEN: BAAcbmZXWHBVcVh5U2UrNjY3YkFkNnJuRHV5a2xzPQMAjAQASHVybjpzdG9yYWdlb31YzNkMWYzYzRjMwIADTE1NTgwMzE5NjQyODMDAC51cm46VG9rZW46Y2MzNTMwMT1M6VmlydHVhbERhdGFDZW50ZXJEYXRhOjFmMTQyOTExLTM4NzktNGI3OC1hYWFkLTItMjA4Mi00OTRiLTlhMWUtOWRkZjBlMDQ2NjIwAgAC0A8=    
    The second one is when there is a comma separated values (not working, HTTP 500 Error):   
[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 500 Internal Server ErrorDate: Fri, 17 May 2019 07:57:49 GMTContent-Type: text/html;charset=iso-8859-1Content-Length: 261Connection: keep-aliveCache-Control: must-revalidate,no-cache,no-store    
    Third login is again only one entry, the 2nd one (a Token is created again):   
[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 200 OKDate: Wed, 22 May 2019 12:25:32 GMTContent-Type: application/xmlContent-Length: 0Connection: keep-aliveX-SDS-AUTH-TOKEN: BAAcWXV2QXpjTDVnd016dW9Tc3hWWXd6NUI4elBvPQMAjAQASHVybjpzdG9yYWdlb31YzNkMWYzYzRjMwIADTE1NTg0NjM5NjQzNzEDAC51cm46VG9rZW46Nzc0NDI1MmUt1M6VmlydHVhbERhdGFDZW50ZXJEYXRhOjFmMTQyOTExLTM4NzktNGI3OC1hYWFkLTIDQyNi00OGRlLWFhMTctNjMzZmNiNzY0NTJhAgAC0A8=    






A bug has been discovered, causing S3 key self service not working as expected when comma separated values are used in domain attributes.                                                           






The root cause of this bug is currently not known and is still being investigated by Dell EMC ECS Development.   
    A workaround to mitigate the issue is to create an Active Directory (AD) group where all users that will be utilizing ECS can be added.   
    Please contact your AD admin or team to create an AD group that can be used and ensure all appropriate users are added.   
    For adding this group to ECS:   

  1.         Choose Manage -> Namespace -> Edit     
  3.         If not already done, click "Domain".      
  5.         Add the group name to the Groups field. As no attributes are needed, click the X next to the attributes field and it will close.     
  7.         Click Save.     
    User-added image   
    After ECS Namespace is configured with the group, users can be added/removed through AD group without any changes to ECS.   






Subscribe to product updates   
    You can subscribe to updates by following the instructions in the Knowledge Article below:   
    DELL EMC: How to subscribe to Product Pages - Dell EMC Support?