Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

NetApp KCS Award

NetApp Knowledge Base

API calls to ONTAP 9.1-9.3 fail when using a readonly LDAP service account

Views:
194
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
om
Last Updated:

Applies to

ONTAP 9.1 - 9.3P7

Issue

API calls made to an ONTAP cluster fail when using a readonly LDAP service account

Error output may be returned by the application sending the API to the effect of the following(this exact output from OnCommand Insight):

2019-02-26 13:04:34,920 ERROR [com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource] myCluster [Invalid login credentials] - Failed to authenticate with cluster: 10.0.0.2 ([Device name 10.0.0.2]: cluster-identity-get; errno: 13003, reason: not authorized for that command)
com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException: Failed to authenticate with cluster: 10.0.0.2
    at com.onaro.sanscreen.acquisition.framework.datasource.DataSourceErrorException.createWithEnhanced(DataSourceErrorException.java:70)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.parseResponseXMLFromZAPIOutput(ZAPIConnection.java:709)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:514)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:436)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeElem(ZAPIConnection.java:429)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.transport.zapi.ZAPIConnection.invokeCommandDesiredAttributes(ZAPIConnection.java:237)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildAndAddCluster(ClusterBuilder.java:341)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.buildClusterModel(ClusterBuilder.java:284)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.getCModeCluster(ClusterBuilder.java:253)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.builders.zapi.ClusterBuilder.executeAndBuild(ClusterBuilder.java:98)
    at com.onaro.sanscreen.acquisition.datasource.netapp_cmode.NetAppCModeDataSource.doFoundation(NetAppCModeDataSource.java:130)
    at com.onaro.sanscreen.acquisition.foundation.datasource.BaseFoundationPackage.pollNow(BaseFoundationPackage.java:195)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:409)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitClassLoader(BaseDataSource.java:397)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runNotifyListeners(BaseDataSource.java:370)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitLog(BaseDataSource.java:344)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitRecordingSession(BaseDataSource.java:309)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runInitThreadName(BaseDataSource.java:294)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.runWithProfiler(BaseDataSource.java:273)
    at com.onaro.sanscreen.acquisition.framework.datasource.BaseDataSource.run(BaseDataSource.java:249)
    at com.onaro.sanscreen.acquisition.framework.mgmt.DataSourceManager$PollLogic.run(DataSourceManager.java:734)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.Throwable: not authorized for that command

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support

 

  • Was this article helpful?