Skip to main content
NetApp Knowledge Base

API calls to ONTAP 9.1-9.3 fail when using a readonly LDAP service account

Views:
226
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
om
Last Updated:

Applies to

ONTAP 9.1 - 9.3P7

Issue

API calls made to an ONTAP cluster fail when using a readonly LDAP service account

Error output may be returned by the application sending the API to the effect of the following(this exact output from OnCommand Insight):

2019-02-26 13:04:34,920 ERROR [com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource] myCluster [Invalid login credentials] - Failed to authenticate with cluster: 10.0.0.2 ([Device name 10.0.0.2]: cluster-identity-get; errno: 13003, reason: not authorized for that command)
com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException: Failed to authenticate with cluster: 10.0.0.2
    at com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException.createWithEnhanced(DataSourceErrorException.java:70)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.parseResponseXMLFromZAPIOutput(ZAPIConnection.java:709)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:514)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:436)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:429)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeCommandDesiredAttributes(ZAPIConnection.java:237)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildAndAddCluster(ClusterBuilder.java:341)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildClusterModel(ClusterBuilder.java:284)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.getCModeCluster(ClusterBuilder.java:253)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.executeAndBuild(ClusterBuilder.java:98)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.NetAppCModeDataSource.doFoundation(NetAppCModeDataSource.java:130)
    at com.onaro.sanscreen.acquisition.foundation.datasource.BaseFoundationPackage.pollNow(BaseFoundationPackage.java:195)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:409)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitClassLoader(BaseDataSource.java:397)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runNotifyListeners(BaseDataSource.java:370)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitLog(BaseDataSource.java:344)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitRecordingSession(BaseDataSource.java:309)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitThreadName(BaseDataSource.java:294)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runWithProfiler(BaseDataSource.java:273)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:249)
    at com.onaro.sanscreen.acquisition.framework.mgmt.DataSourceManager$PollLogic.run(DataSourceManager.java:734)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.Throwable: not authorized for that command

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device

 

  • Was this article helpful?