|Article Number: 534896||Article Version: 2||Article Type: Break Fix|
ECS Appliance,Elastic Cloud Storage
Customer is trying to simplify user management by allowing login (and ultimately S3 self service key creation) to using the AD attribute "sAMAccountName".
This will be configured at namespace level (Manage > Namespace)
Once two comma separated values are configured, the key self service is failing with below shown errors.
If they are used separately (only one value configured), each of them is working.
The first login is when there is only one entry (a Token is created):
[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 200 OKDate: Fri, 17 May 2019 07:57:29 GMTContent-Type: application/xmlContent-Length: 0Connection: keep-aliveX-SDS-AUTH-TOKEN: BAAcbmZXWHBVcVh5U2UrNjY3YkFkNnJuRHV5a2xzPQMAjAQASHVybjpzdG9yYWdlb31YzNkMWYzYzRjMwIADTE1NTgwMzE5NjQyODMDAC51cm46VG9rZW46Y2MzNTMwMT1M6VmlydHVhbERhdGFDZW50ZXJEYXRhOjFmMTQyOTExLTM4NzktNGI3OC1hYWFkLTItMjA4Mi00OTRiLTlhMWUtOWRkZjBlMDQ2NjIwAgAC0A8=
The second one is when there is a comma separated values (not working, HTTP 500 Error):
[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 500 Internal Server ErrorDate: Fri, 17 May 2019 07:57:49 GMTContent-Type: text/html;charset=iso-8859-1Content-Length: 261Connection: keep-aliveCache-Control: must-revalidate,no-cache,no-store
Third login is again only one entry, the 2nd one (a Token is created again):
[user@client ~]$ curl -I -s https://$MANAGEMENT_ENDPOINT/login -u "$MANAGEMENT_USER:$MANAGEMENT_PASSWORD"HTTP/1.1 200 OKDate: Wed, 22 May 2019 12:25:32 GMTContent-Type: application/xmlContent-Length: 0Connection: keep-aliveX-SDS-AUTH-TOKEN: BAAcWXV2QXpjTDVnd016dW9Tc3hWWXd6NUI4elBvPQMAjAQASHVybjpzdG9yYWdlb31YzNkMWYzYzRjMwIADTE1NTg0NjM5NjQzNzEDAC51cm46VG9rZW46Nzc0NDI1MmUt1M6VmlydHVhbERhdGFDZW50ZXJEYXRhOjFmMTQyOTExLTM4NzktNGI3OC1hYWFkLTIDQyNi00OGRlLWFhMTctNjMzZmNiNzY0NTJhAgAC0A8=
A bug has been discovered, causing S3 key self service not working as expected when comma separated values are used in domain attributes.
The root cause of this bug is currently not known and is still being investigated by Dell EMC ECS Development.
A workaround to mitigate the issue is to create an Active Directory (AD) group where all users that will be utilizing ECS can be added.
Please contact your AD admin or team to create an AD group that can be used and ensure all appropriate users are added.
For adding this group to ECS:
After ECS Namespace is configured with the group, users can be added/removed through AD group without any changes to ECS.
Subscribe to product updates
You can subscribe to updates by following the instructions in the Knowledge Article below:
DELL EMC: How to subscribe to Product Pages - Dell EMC Support?