Symptoms
Background
In some cases, when the customer configures LDAP authentication for external users, authentication errors may occur. The following XtremIO environments may be impacted by this issue:
Dell EMC Software: XtremIO 6.3.2 and later.
Issue
When the customer configures LDAP authentication for external users, authentication errors may occur when all of the following conditions exist:
- The LDAP server is reached over a secure channel (ldaps) instead of ldap.
- The configuration item TLS_CIPHER_SUITE ALL:!ECDHE exists in /etc/openldap/ldap.conf.
- The existing server-side certificate was generated via the ECDHE cipher.
Given the above conditions, the server side returns an error like:
[root@vxms-xbrick820 tmp]# LDAPTLS_REQCERT=never ldapsearch '-x' '-H' 'ldaps://10.xx.xxx.xxx' '-s' 'base' '-D' 'CN=Administrator,CN=Users,DC=dts,DC=xio,DC=com' -w ********** '-l' '1500' '-b' 'CN=xioadmins,CN=Users,DC=dts,DC=xio,DC=com' 'member' 'uniquemember' 'memberUid'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Cause
Software issue due to the incompatibility of TLS_CIPHER_SUITE ALL:!ECDHE with a server-side certificate generated via the ECDHE cipher.
Resolution
To determine if LDAP is being used, run the xmcli command show-user-accounts. The property External-Account is True when LDAP is being used:
(tech)> show-user-accounts
Name Index Role External-Account Inactivity-Timeout
tech 1 technician False 10
sara 2 admin True 10
To prevent this error from happening, perform one of the following options:
Regenerate the certificate file with a cipher other than ECDHE. Use the openssl tool to generate a new certificate without using the ECDHE cipher suite, and then run the command modify-ldap-config in the xmcli console, for example:
xmcli (tech)> modify-ldap-config ldap-config-id=1 ca-cert-data="-----BEGIN CERTIFICATE-----\n\
xmcli (tech)> ...MIIDxzCCAq+gAwIBAgIJAP6+MUDcIYMbMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV\n\
xmcli (tech)> ...BAYTAlJVMQwwCgYDVQQIDANTUEIxDDAKBgNVBAcMA1NQQjENMAsGA1UECgwERGVs\n\
...
xmcli (tech)> ...IWm2qx8C+k891uD3kQp3ipG2c4GMp9y/QA2z8bJhYDVkPHj4k404vHO6CBYlgdMP\n\
xmcli (tech)> ...icN8dZwGqgfc58lct2zZORFJUAjduRGzB0rL4YYJwiuPLOqKTSma5cckef7bR4OB\n\
xmcli (tech)> ...dSvHlrWuRrrtDwk=\n\
xmcli (tech)> ...-----END CERTIFICATE-----"
Modified LDAP Configuration [1]
or
Comment out the configuration item TLS_CIPHER_SUITE ALL:!ECDHE in /etc/openldap/ldap.conf.
If the XMS is being upgraded to XMS 6.3.2 or later, this should be performed after the upgrade.
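The following is an added pre-check (not part of this article or of the XtremIO software) that reads an ldap.conf, finds the active TLS_CIPHER_SUITE directive, decides whether the OpenSSL cipher string permanently excludes ECDHE (a `!` exclusion cannot be undone by a later element, unlike `-`), and reports the conflict when the ldaps server negotiates ECDHE; it also applies the second resolution by commenting the directive out. The ldap.conf content and host names are constructed samples.

```python
import re

# Matches an ldap.conf TLS_CIPHER_SUITE directive and captures its value.
DIRECTIVE = re.compile(r"^\s*TLS_CIPHER_SUITE\s+(\S+)", re.IGNORECASE)


def active_cipher_suite(ldap_conf: str):
    """Return the TLS_CIPHER_SUITE value libldap would apply (the last
    uncommented directive wins), or None if no active directive exists."""
    value = None
    for line in ldap_conf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are ignored by libldap
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1)
    return value


def cipher_string_kills_ecdhe(cipher_string: str) -> bool:
    """True when the OpenSSL cipher list leaves no ECDHE suites enabled.
    '!ECDHE' deletes ECDHE permanently; '-ECDHE' only removes it until a
    later plain 'ECDHE' or 'ALL' adds it back. Only the ECDHE token used in
    the article is handled; OpenSSL aliases for it are not interpreted."""
    killed = removed = False
    for token in cipher_string.split(":"):
        name = token.lstrip("!-+").upper()
        if token.startswith("!") and name == "ECDHE":
            killed = True
        elif token.startswith("-") and name == "ECDHE":
            removed = True
        elif not token.startswith(("!", "-", "+")) and name in ("ECDHE", "ALL"):
            removed = False  # re-adds ECDHE unless it was killed with '!'
    return killed or removed


def ldap_conf_conflicts(ldap_conf: str, server_uses_ecdhe: bool) -> bool:
    """The failure in the article: the ldaps server uses ECDHE but the client
    config forbids it, so the TLS handshake fails and ldapsearch reports
    "Can't contact LDAP server (-1)"."""
    suite = active_cipher_suite(ldap_conf)
    return server_uses_ecdhe and suite is not None and cipher_string_kills_ecdhe(suite)


def comment_out_cipher_suite(ldap_conf: str) -> str:
    """Second resolution from the article: comment out every active directive."""
    out = []
    for line in ldap_conf.splitlines():
        if not line.lstrip().startswith("#") and DIRECTIVE.match(line):
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample of /etc/openldap/ldap.conf (not taken from an XMS host).
SAMPLE_CONF = """# OpenLDAP client defaults
URI ldaps://ldap.example.internal
BASE dc=example,dc=internal
TLS_CIPHER_SUITE ALL:!ECDHE
"""

if __name__ == "__main__":
    print("conflict:", ldap_conf_conflicts(SAMPLE_CONF, server_uses_ecdhe=True))
    print(comment_out_cipher_suite(SAMPLE_CONF))
```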