Skip to main content
NetApp adopts Microsoft’s Business-to-Customer (B2C) Identity Management
Effective December 3 - NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources. For accounts that did not pre-register (prior to Dec 3) access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity. To learn more, Read the FAQ and Watch the video. Need assistance? Complete this form and select “Registration Issue” as the Feedback Category. 
NetApp Knowledge Base

API calls to ONTAP 9.1-9.3 fail when using a readonly LDAP service account

Views:
172
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
om
Last Updated:

Applies to

ONTAP 9.1 - 9.3P7

Issue

API calls made to an ONTAP cluster fail when using a readonly LDAP service account

Error output may be returned by the application sending the API to the effect of the following(this exact output from OnCommand Insight):

2019-02-26 13:04:34,920 ERROR [com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource] myCluster [Invalid login credentials] - Failed to authenticate with cluster: 10.0.0.2 ([Device name 10.0.0.2]: cluster-identity-get; errno: 13003, reason: not authorized for that command)
com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException: Failed to authenticate with cluster: 10.0.0.2
    at com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException.createWithEnhanced(DataSourceErrorException.java:70)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.parseResponseXMLFromZAPIOutput(ZAPIConnection.java:709)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:514)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:436)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:429)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeCommandDesiredAttributes(ZAPIConnection.java:237)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildAndAddCluster(ClusterBuilder.java:341)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildClusterModel(ClusterBuilder.java:284)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.getCModeCluster(ClusterBuilder.java:253)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.executeAndBuild(ClusterBuilder.java:98)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.NetAppCModeDataSource.doFoundation(NetAppCModeDataSource.java:130)
    at com.onaro.sanscreen.acquisition.foundation.datasource.BaseFoundationPackage.pollNow(BaseFoundationPackage.java:195)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:409)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitClassLoader(BaseDataSource.java:397)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runNotifyListeners(BaseDataSource.java:370)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitLog(BaseDataSource.java:344)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitRecordingSession(BaseDataSource.java:309)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitThreadName(BaseDataSource.java:294)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runWithProfiler(BaseDataSource.java:273)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:249)
    at com.onaro.sanscreen.acquisition.framework.mgmt.DataSourceManager$PollLogic.run(DataSourceManager.java:734)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.Throwable: not authorized for that command

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support