Skip to content

UCS API and LDAP…That’s a letter salad

I recently ran into an issue with LDAP authentication to UCS for a Python script.

As a bit of background native authentication for the UCS GUI is set to default to LDAP accounts.  Native authentication for CLI access is set to default to local accounts because my LDAP servers are on UCS and chickens and eggs scare me.


In the script I used this to log in to UCS:

<aaaLogin inName=”LDAP-UCS-REPORT” inPassword=”PASSWORD” />
The user account is LDAP-UCS-REPORT, which is a member of the PROD domain.  Here is the error:
<aaaLogin cookie=”” response=”yes” errorCode=”551″ invocationResult=”unidentified-fail” errorDescr=”Authentication failed”> </aaaLogin>


We started troubleshooting by trying different combinations on the user name with LDAP domain integrated, and ensured the password only had letters and numbers:

All resulted in the same “551” error.


It turns out that the fix if fairly simple, but not necessarily intuitive or easy to find.  The domain needed to have ‘ucs-‘ appended to it for proper authentication.  The working call looked like this:
<aaaLogin inName=“ucs-Prod\LDAP-UCS-REPORT” inPassword=”PASSWORD” />

Script away my friends…


Published inUncategorized


  1. AlexWR AlexWR

    This post was a lifesaver – no other useful search results for this problem – I’m using UCSMSDK to automate our UCS vnic template changes and moving to prod from the lab was proving to be fairly irritating for auth.

    • Glad this post was helpful!

  2. test test

    Yes absolutely… this post was a day saver for me too.

Leave a Reply

Your email address will not be published. Required fields are marked *