I recently ran into an issue with LDAP authentication to UCS for a Python script.
As a bit of background, native authentication for the UCS GUI is set to default to LDAP accounts. Native authentication for CLI access is set to default to local accounts because my LDAP servers are on UCS and chickens and eggs scare me.
In the script I used this to log in to UCS:
<aaaLogin inName="LDAP-UCS-REPORT" inPassword="PASSWORD" />
The user account is LDAP-UCS-REPORT, which is a member of the PROD domain. Here is the error:
<aaaLogin cookie="" response="yes" errorCode="551" invocationResult="unidentified-fail" errorDescr="Authentication failed"> </aaaLogin>
We started troubleshooting by trying different combinations of the user name with the LDAP domain included, and made sure the password contained only letters and numbers:
LDAP-UCS-REPORT
Prod\LDAP-UCS-REPORT
LDAP-UCS-REPORT@Prod
All resulted in the same “551” error.
It turns out that the fix is fairly simple, but not necessarily intuitive or easy to find. The domain needed to have 'ucs-' prepended to it for proper authentication. The working call looked like this:
<aaaLogin inName="ucs-Prod\LDAP-UCS-REPORT" inPassword="PASSWORD" />
Script away my friends…
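A small helper for the login step above, added here as an example and not taken from the original script: it builds the aaaLogin body with the 'ucs-' domain prefix, escapes the attribute values so the password is not limited to letters and numbers, and turns a 551 response into an exception. The function names, the outCookie sample value and the SUCCEEDED response are constructed for illustration; sending the request to UCS is left out so the code runs offline.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Failure response quoted in the post.
FAILED = ('<aaaLogin cookie="" response="yes" errorCode="551" '
          'invocationResult="unidentified-fail" '
          'errorDescr="Authentication failed"> </aaaLogin>')
# Constructed success response; the cookie value is a placeholder.
SUCCEEDED = ('<aaaLogin cookie="" response="yes" '
             'outCookie="EXAMPLE-COOKIE"> </aaaLogin>')


def ucs_login_name(user, domain=None):
    """Return the inName value, 'ucs-<domain>\\<user>' when a domain is given."""
    if domain is None:
        return user  # bare name, as in the post's first attempt
    return "ucs-{}\\{}".format(domain, user)


def build_aaa_login(user, password, domain=None):
    """Build the aaaLogin request body as well-formed XML."""
    # quoteattr adds the surrounding quotes and escapes &, <, > and quote
    # characters, so special characters in the password cannot break the XML.
    return "<aaaLogin inName={} inPassword={} />".format(
        quoteattr(ucs_login_name(user, domain)), quoteattr(password))


def parse_aaa_login(response_xml):
    """Return the session cookie, or raise with the errorCode and errorDescr."""
    root = ET.fromstring(response_xml)
    if root.tag != "aaaLogin":
        raise ValueError("unexpected element: " + root.tag)
    code = root.get("errorCode")
    if code:
        raise PermissionError("UCS login failed ({}): {}".format(
            code, root.get("errorDescr", "")))
    cookie = root.get("outCookie")
    if not cookie:
        raise ValueError("aaaLogin response carried no outCookie")
    return cookie


if __name__ == "__main__":
    print(build_aaa_login("LDAP-UCS-REPORT", "PASSWORD", "Prod"))
    print(parse_aaa_login(SUCCEEDED))
    try:
        parse_aaa_login(FAILED)
    except PermissionError as exc:
        print(exc)
```

The request body contains the password in clear text, so keep it out of debug logs and exception messages.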
This post was a lifesaver – no other useful search results for this problem – I’m using UCSMSDK to automate our UCS vnic template changes and moving to prod from the lab was proving to be fairly irritating for auth.