Testing the LDAP Configuration

After configuring LDAP, you should test it by using either the Element UI or the Element API TestLdapAuthentication method.

Procedure

  1. To test the LDAP configuration with the Element UI, do the following:
    1. Click Cluster > LDAP.
    2. Click Test LDAP Authentication.
    3. Resolve any issues by using the information in the table below:
      Error message Description

      xLDAPUserNotFound

      • The user being tested was not found in the configured userSearchBaseDN subtree.
      • The userSearchFilter is configured incorrectly.

      xLDAPBindFailed (Error: Invalid credentials)

      • The username being tested is a valid LDAP user, but the password provided is incorrect.
      • The username being tested is a valid LDAP user, but the account is currently disabled.

      xLDAPSearchBindFailed (Error: Can’t contact LDAP server)

      The LDAP server URI is incorrect.

      xLDAPSearchBindFailed (Error: Invalid credentials)

      The read-only username or password is configured incorrectly.

      xLDAPSearchFailed (Error: No such object)

      The userSearchBaseDN is not a valid location within the LDAP tree.

      xLDAPSearchFailed (Error: Referral)

      • The userSearchBaseDN is not a valid location within the LDAP tree.
      • The userSearchBaseDN and groupSearchBaseDN are in a nested OU. This can cause permission issues. The workaround is to include the OU in the user and group base DN entries, (for example: ou=storage, cn=company, cn=com)
  2. To test the LDAP configuration with the Element API, do the following:
    1. Call the TestLdapAuthentication method.
      {
        "method":"TestLdapAuthentication",
           "params":{
              "username":"admin1",
              "password":"admin1PASS
            },
            "id": 1
      }
    2. Review the results. If the API call is successful, the results include the specified user's distinguished name and a list of groups in which the user is a member.
      {
      "id": 1
           "result": {
               "groups": [
                    "CN=StorageMgmt,OU=PTUsers,DC=prodtest,DC=solidfire,DC=net"
               ],
               "userDN": "CN=Admin1 Jones,OU=PTUsers,DC=prodtest,DC=solidfire,DC=net"
           }
      }