Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-72-1909686.1
Update Date: 2017-04-20

Solution Type  Problem Resolution Sure

Solution  1909686.1 :   LDAP/SSL Groups Not Recognized Properly By ILOM  


Related Items
  • Sun SPARC Enterprise T5240 Server
  • Sun Netra T5220 Server
  • Sun SPARC Enterprise T5220 Server
  • Sun SPARC Enterprise T5120 Server
  • Sun Netra T6340 Server Module
  • Sun Blade T6320 Server Module
  • Sun SPARC Enterprise T5140 Server
  • Sun SPARC Enterprise T5440 Server
  • Sun Blade T6340 Server Module
  • Sun Netra T5440 Server
Related Categories
  • PLA-Support>Sun Systems>SPARC>CMT>SN-SPARC: T5xx0




In this Document
Symptoms
Cause
Solution


Created from <SR 3-9311876711>

Applies to:

Sun SPARC Enterprise T5120 Server - Version All Versions to All Versions [Release All Releases]
Sun SPARC Enterprise T5140 Server - Version All Versions to All Versions [Release All Releases]
Sun Netra T5440 Server - Version All Versions to All Versions [Release All Releases]
Sun Netra T5220 Server - Version All Versions to All Versions [Release All Releases]
Sun SPARC Enterprise T5440 Server - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.

Symptoms

LDAP/SSL authorization is working but the desired role(s) are not being assumed on the ILOM.

Cause

LDAP was enabled along with LDAP/SSL and the group definition did not precisely match the database.

Solution

The Oracle Integrated Lights Out Manager (ILOM) 3.0 Daily Management - Web Procedures guide assumes the user knows not to enable LDAP and LDAPS (LDAP/SSL) at the same time, but it does not state this explicitly. LDAP and LDAPS differ in how roles are assigned: LDAP relies on a default role that is assigned to all users, while LDAPS can assign specific roles to specific users based on the defined group. Therefore, to assign specific roles based on group, disable LDAP, enable LDAPS (LDAP/SSL), and define the appropriate groups in the ILOM.

If a user still has difficulty assuming the correct role under LDAPS, check the group definition and the user and compare them to the LDAP database. Perform a simple LDAP search such as ldapsearch -h <host> -D <bindDN> -b <searchbase> on the group and the user, and compare the result to the ILOM output of show -l all /SP/clients. The definitions must match exactly, including case, because lookups are case sensitive. Something as simple as using CN, OU, and DC in the group definition in the ILOM while the LDAP database uses lower case cn, ou, and dc would cause a bad lookup.
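
The comparison described above can be scripted. The following is an added example, not part of the original Oracle document: it compares the group names saved from show -l all /SP/clients against the dn: lines saved from ldapsearch and flags entries that differ only by case. Both sample texts are constructed, the layout of the ILOM output is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample of `show -l all /SP/clients` output (layout is an assumption).
ILOM_SAMPLE = """\
 /SP/clients/ldapssl/admingroups/1
        name = CN=ilom-admins,OU=Groups,DC=example,DC=com
 /SP/clients/ldapssl/opergroups/1
        name = cn=ilom-operators,ou=groups,dc=example,dc=com
 /SP/clients/ldapssl/customgroups/1
        name = cn=ilom-audit,ou=groups,dc=example,dc=com
"""
# Constructed sample of ldapsearch LDIF output for the group entries.
LDIF_SAMPLE = """\
dn: cn=ilom-admins,ou=groups,dc=example,dc=com

dn: cn=ilom-operators,ou=groups,dc=example,dc=com
"""

def ilom_groups(text):
    """Map each ILOM target path to its configured 'name' (the group DN)."""
    groups, target = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("/SP/"):
            target = s
        elif target and (m := re.match(r"name\s*=\s*(\S.*)$", s)):
            groups[target] = m.group(1)
    return groups

def ldif_dns(text):
    """Collect plain 'dn:' values; base64 'dn::' and folded lines are not handled."""
    return [l[3:].strip() for l in text.splitlines() if l.startswith("dn: ")]

def check(ilom_text, ldif_text):
    """Classify each ILOM group DN as exact, case-mismatch or missing."""
    dns = ldif_dns(ldif_text)
    by_lower = {d.lower(): d for d in dns}
    result = {}
    for target, name in ilom_groups(ilom_text).items():
        status = ("exact" if name in dns
                  else "case-mismatch" if name.lower() in by_lower else "missing")
        result[target] = (status, by_lower.get(name.lower()))
    return result

if __name__ == "__main__":
    for target, (status, dn) in check(ILOM_SAMPLE, LDIF_SAMPLE).items():
        print(f"{status:14} {target}  directory DN: {dn}")
```

A "case-mismatch" result is the situation the article describes: the group exists in the directory, but the ILOM definition must be re-entered with the directory's exact spelling.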


Attachments
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.