LDAP Configuration in netapp

vemus — Thu, 06 Feb 2025 13:52:02 GMT

Hi Everyone,

We’re facing an issue while configuring LDAP on a NetApp array (version 9.16) and need some guidance. Here’s the procedure and details of what we’ve tried so far:

LDAP Server Details:

LDAP Server IP: 10.x.x.x
LDAP User Name: DEV1
LDAP User Password: XXXXX
LDAP Connection Password: XXXXX
DN: CN=DEV1,CN=Users,DC=powerh,DC=com
Port: 389

Steps Taken:

SSH :

We successfully created the LDAP client via the following command:

vserver services name-service ldap client create -vserver svm_power -client-config power -ad-domain powerh.com -schema MS-AD-BIS -port 389 -query-timeout 3 -min-bind-level simple -bind-dn CN=DEV1,CN=Users,DC=powerh,DC=com -bind-password xxxxxx -base-dn DC=powerh,DC=com -base-scope subtree -preferred-ad-servers 10.x.x.x

Error When Running the Following Command:

vserver services name-service ldap create -vserver svm_power -client-config power -client-enabled true

We encounter the error:

Error: Validate the LDAP configuration procedure failed. [ 0 ms] TCP connection to IP 10.x.x.x, port 389 failed: Network is unreachable. [ 1] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server **[ 5] FAILURE: Unable to contact DNS to discover domain controllers. [ 5] Unable to make a connection (LDAP (NIS & Name Mapping)): Result: RESULT_ERROR_DNS_CANT_REACH_SERVER Error: command failed: The LDAP client configuration "power" for Vservers "svm_power" is an invalid configuration.

GUI Configuration:

Navigated to Storage > Storage VMs > <vserver name> > Settings.
Tried configuring LDAP under the LDAP Configuration section, but the error persists across both SVM and Cluster-level configurations.

Issue Summary: We are unable to configure the LDAP client in NetApp, even though we’ve tried both the GUI and SSH methods. The error indicates network-related issues with the connection to the LDAP server, specifically a failure to contact DNS and reach the LDAP server at port 389.

Questions:

Are there any additional configuration steps we might have missed in the NetApp LDAP setup?
Could the issue be related to network settings, such as firewall rules, or DNS configurations?
Is there a recommended troubleshooting approach for this scenario?

Any insights or suggestions would be greatly appreciated!

Thanks in advance!

Re: LDAP Configuration in netapp

TMACMD — Thu, 06 Feb 2025 17:25:26 GMT

Network unreachable usually indicates a routing issue. Does the vserver have a gateway defined? Can you ping the ldap server from inside the svm?

Re: LDAP Configuration in netapp

vemus — Fri, 07 Feb 2025 05:54:51 GMT

Hi @TMACMD ,
Able to ping the ldap server from svm
netapp-c1::> net ping -node nodename -vserver vservername -destination 10.x.x.x
(network ping)
10.x.x.x is alive

Re: LDAP Configuration in netapp

chenguanghui — Fri, 07 Feb 2025 08:22:18 GMT

hello:

It looks like there is no domain controller created and DNS is not created or configured incorrectly. If there is no configuration, it needs to be configured. The following article I hope can help you

https://docs.netapp.com/zh-cn/ontap/nfs-config/using-ldap-concept.html

Best regards!

topic LDAP Configuration in netapp in ONTAP Discussions

LDAP Configuration in netapp

Re: LDAP Configuration in netapp

Re: LDAP Configuration in netapp

Re: LDAP Configuration in netapp