Details of LDAP server configured with IP address: [(u'ldap', u'172.28.X.X', 389, u'ihostname')]
ldap_config_check
Solution:
If the test result is a FAIL or WARN status, the cluster function is not impacted, but some users may not be able to log in to the Prism Web Console.
Verify that port 389 is open bidirectionally in the firewall.
If the connection does not use SSL, the port is 389:
ldap://fqdn:389
If the connection uses SSL, the port is 636. Ensure that all Active Directory Domain Controllers have SSL certificates installed.
ldaps://fqdn:636
When the configuration is multiple domains, single forest, and uses SSL, the LDAPS port is 3269.
ldaps://fqdn:3269
On a Linux machine, you can verify that the port is open using the telnet command:
[root@localhost]# telnet 192.168.0.10 389
Connected
Additionally, check the following:
- Verify that LDAP is configured.
- Verify that you can ping the LDAP IP. If you can't ping it, the firewall in your environment might be blocking ICMP packets.
- Verify that LDAP is set through a hostname and not an IP address, because an IP address is a single point of failure.
- If LDAP is configured with an IP address and the server is changed, then the configuration on Prism needs to be updated.
- If LDAP is configured with an FQDN, then changing the IP of the LDAP server should not matter and does not require updates to the Prism configuration, since the DNS server will resolve the new IP for the LDAP server.
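The port and hostname checks above can be scripted. The following is an added example, not part of the original note or of NCC: it lints a directory URL against the three ports listed here, flags an IP address used in place of an FQDN, and performs the same TCP connect test as telnet. The function names and sample URLs are constructed, and it assumes SSL ports use the ldaps:// scheme.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ports taken from the note above: 389 plain LDAP, 636 LDAP over SSL,
# 3269 LDAP over SSL for multi-domain, single-forest setups.
# Assumption: SSL ports are paired with the ldaps:// scheme.
EXPECTED_SCHEME = {389: "ldap", 636: "ldaps", 3269: "ldaps"}


def lint_directory_url(url):
    """Return a list of findings for one directory URL (empty list = clean)."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        return ["not an ldap:// or ldaps:// URL: %r" % url]
    try:
        port = parts.port
    except ValueError:
        return ["invalid port in %r" % url]
    if port is None:
        findings.append("no explicit port; this note lists 389, 636 and 3269")
    elif port not in EXPECTED_SCHEME:
        findings.append("port %d is not one of the ports this note lists" % port)
    elif EXPECTED_SCHEME[port] != parts.scheme:
        findings.append("port %d expects %s://, got %s://"
                        % (port, EXPECTED_SCHEME[port], parts.scheme))
    try:
        ipaddress.ip_address(parts.hostname)
        findings.append("host is an IP address; use the FQDN so a server "
                        "IP change does not require a Prism update")
    except ValueError:
        pass  # host is a name, which is what the note recommends
    return findings


def port_is_open(host, port, timeout=3.0):
    """TCP connect test, the same check the telnet command performs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample URLs; replace with the values configured in Prism.
    for sample in ("ldap://dc01.example.com:389", "ldap://192.168.0.10:636"):
        print(sample, lint_directory_url(sample) or "OK")
```

Run port_is_open from a machine on the same network segment as the cluster, since firewall rules may differ per source.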