UCS API and LDAP…That’s a letter salad

I recently ran into an issue with LDAP authentication to UCS for a Python script.

As a bit of background, native authentication for the UCS GUI is set to default to LDAP accounts. Native authentication for CLI access is set to default to local accounts because my LDAP servers are on UCS and chickens and eggs scare me.

In the script I used this to log in to UCS:

<aaaLogin inName="LDAP-UCS-REPORT" inPassword="PASSWORD" />

The user account is LDAP-UCS-REPORT, which is a member of the PROD domain. Here is the error:

<aaaLogin cookie="" response="yes" errorCode="551" invocationResult="unidentified-fail" errorDescr="Authentication failed"> </aaaLogin>

We started troubleshooting by trying different combinations of the user name with the LDAP domain integrated, and ensured the password only had letters and numbers:
LDAP-UCS-REPORT
Prod\LDAP-UCS-REPORT
LDAP-UCS-REPORT@Prod

All resulted in the same “551” error.

It turns out that the fix is fairly simple, but not necessarily intuitive or easy to find. The domain needed to have 'ucs-' prepended to it for proper authentication. The working call looked like this:

<aaaLogin inName="ucs-Prod\LDAP-UCS-REPORT" inPassword="PASSWORD" />
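
The working login above as a small Python client, added here as an illustration and not the author's script: it builds `aaaLogin` with the `ucs-<domain>\<user>` name, lets the XML serializer escape the password so quotes or `&` still yield well-formed XML, and surfaces the error fields from the response. The `/nuova` endpoint path, the `outCookie` attribute, and the `UCS_HOST` / `UCS_PASSWORD` environment variables are assumptions that do not come from the post.

```python
import os
import ssl
import urllib.request
import xml.etree.ElementTree as ET


def qualify_user(user, domain=None):
    """inName value: 'ucs-<domain>\\<user>' for a named auth domain, bare name otherwise."""
    return f"ucs-{domain}\\{user}" if domain else user


def build_login(user, password, domain=None):
    """Serialize <aaaLogin/>; ElementTree escapes quotes, '&' and '<' in attribute values."""
    elem = ET.Element("aaaLogin", inName=qualify_user(user, domain), inPassword=password)
    return ET.tostring(elem, encoding="unicode")


def parse_login(response_xml):
    """Return the session cookie, or raise with the error fields UCS sent back."""
    root = ET.fromstring(response_xml)
    if root.get("errorCode"):
        raise PermissionError(f"UCS login failed: {root.get('errorCode')} {root.get('errorDescr')}")
    return root.get("outCookie")  # assumed attribute name for the session cookie


def login(host, user, password, domain=None):
    """POST the login document over verified TLS; '/nuova' is an assumed endpoint path."""
    body = build_login(user, password, domain).encode()
    req = urllib.request.Request(f"https://{host}/nuova", data=body)
    with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=10) as resp:
        return parse_login(resp.read().decode())


# The failure response quoted in the post, embedded so the parser can be exercised offline.
FAILED = ('<aaaLogin cookie="" response="yes" errorCode="551" '
          'invocationResult="unidentified-fail" errorDescr="Authentication failed"> </aaaLogin>')

if __name__ == "__main__":
    # Assumed environment variables: the password stays out of the script and shell history.
    cookie = login(os.environ["UCS_HOST"], "LDAP-UCS-REPORT",
                   os.environ["UCS_PASSWORD"], domain="Prod")
    print("logged in, cookie length", len(cookie))
```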

Script away my friends…

One Comment

  1. AlexWR

    This post was a lifesaver – no other useful search results for this problem – I’m using UCSMSDK to automate our UCS vnic template changes and moving to prod from the lab was proving to be fairly irritating for auth.
