Skip to main content
NetApp Knowledge Base

Unix account resolution fails because MS-LDAP server does not have Unix account information

  1. Last updated
  2. Save as PDF
Views:
255
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS/SMB
  • NFS
  • Name mapping
  • Account resolution
  • MS-LDAP

Issue

  • To resolve a Unix ID number to a full Unix account credential, ONTAP sends an LDAP query to the MS-LDAP server; requesting that the MS-LDAP server search for the Unix ID and reply with the associated Unix account's information
    • The MS-LDAP server replies that there are no matching accounts
  • getxxbyyy fails with Reason: Entry not found

    • getxxbyyy getpwbyname -node node-n01 -vserver svm1 -username v4 -use-cache false -show-source true
        (vserver services name-service getxxbyyy getpwbyname)
      Error: command failed: Failed to resolve user1. Reason: Entry not found for "username: user1".

    • getxxbyyy getpwbyname -node node-n01 -vserver svm1 -username v4 -use-cache false -show-source true
        (vserver services name-service getxxbyyy getpwbyname)
      Error: command failed: Failed to resolve user1. Reason: Entry not found for "username: user1".

  • SECD says 
    • debug:  Searching LDAP for the "uid, uidNumber, gidNumber, unixUserPassword, name, unixHomeDirectory, loginShell" attribute(s) within base "dc=owfg,dc=com" (scope: 2) using filter: (&(objectClass=User)(uid=424956))
info :  LDAP search succeeded with no entries  { in searchLdap() at src/utils/secd_ldap_utils.cpp:368 }
    • 00000016.002b38c4 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] .------------------------------------------------------------------------------.
00000016.002b38c5 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |         !!!  NOTE: The logging below contains a SERIOUS ISSUE.  !!!          |
00000016.002b38c6 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |              Check for entries of type: CRIT, ALERT, or EMERG.               |
00000016.002b38c7 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                     The RPC may or may not have failed.                      |
00000016.002b38c8 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] .------------------------------------------------------------------------------.
00000016.002b38c9 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                                 RPC FAILURE:                                 |
00000016.002b38ca 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                     secd_rpc_ldap_get_passwd has failed                      |
00000016.002b38cb 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                        Result = 0, RPC Result = 7054                         |
00000016.002b38cc 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                   RPC received at Tue Feb 10 09:46:58 2026                   |
00000016.002b38cd 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |------------------------------------------------------------------------------'
00000016.002b38ce 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] Failure Summary:
00000016.002b38cf 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] Error: Ldap Get full user info procedure failed
00000016.002b38d0 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994]   [  0 ms] Using a cached connection to ldap_server
00000016.002b38d1 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] **[     8] FAILURE: Failed to get user info for name 'user1'
00000016.002b38d2 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] Details:
00000016.002b38d3 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.025]  debug:  Worker Thread 34520785408 processing RPC 215:secd_rpc_ldap_get_passwd(caller: LIBC) with request ID:43170 which sat in the queue for 0 seconds.  { in run() at src/server/secd_rpc_server.cpp:2447 }
00000016.002b38d4 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.036]  debug:  secd_rpc_ldap_get_passwd_1_svc called with vserverId=-1  { in secd_rpc_ldap_get_passwd_1_svc_secd() at src/authorization/secd_rpc_authorization.cpp:2736 }
00000016.002b38d5 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.041]  debug:  Setting thread context. VServerId = 4294967295 (name='admin'), Protocol = NONE, lifId = 0  { in setThreadContext() at src/utils/secd_thread_data_manager.cpp:415 }
00000016.002b38d6 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.048]  debug:  getPasswdInfoFromLdap called with info type PASSWD_INFO_FROM_USER_NAME  { in getPasswdInfoFromLdap() at src/authorization/secd_rpc_authorization.cpp:2640 }
00000016.002b38d7 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.051]  debug:  getPasswdInfoFromLdap called with info type PASSWD_INFO_FROM_USER_NAME with userName 'user1'  { in getPasswdInfoFromLdap() at src/authorization/secd_rpc_authorization.cpp:2647 }
00000016.002b38d8 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.054]  debug:  LDAP User Info from User Name = user1 requested.  { in getLdapUserInfo() at src/authorization/secd_ldap_unix_authorization.cpp:1008 }
00000016.002b38d9 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.065]  debug:  Looking for LDAP (NIS & Name Mapping) cache (key: "") in vserver 4294967295  { in getConnectionCache() at src/connection_manager/secd_connection_cache.cpp:702 }
00000016.002b38da 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.100]  debug:  Looking for a connection to LDAP (NIS & Name Mapping)  { in getConnection() at src/connection_manager/secd_connection_manager.cpp:644 }
00000016.002b38db 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.103]  debug:  Acquiring a new LDAP (NIS & Name Mapping) connection; favoring cache; Current cache size = 1; Overall cache size = 1; Current max connections = 16  { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:883 }
00000016.002b38dc 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.733]  debug:  Found an available connection in the cache  { in getBestCachedConnection() at src/connection_manager/secd_connection_cache.cpp:382 }
00000016.002b38dd 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.000.741]  info :  Using a cached connection to ldap_hostname { in getBestConnection() at src/connection_manager/secd_connection_manager.cpp:997 }
00000016.002b38de 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.001.052]  debug:  Searching LDAP for the "sAMAccountName, uidNumber, gidNumber, unixUserPassword, name, unixHomeDirectory, loginShell" attribute(s) within base "OU=Accounts,DC=contoso,DC=com" (scope: 2) using filter: (&(objectClass=User)(sAMAccountName= user1))  { in searchLdap() at src/utils/secd_ldap_utils.cpp:324 }
00000016.002b38df 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.843]  ERR  :  RESULT_ERROR_SECD_CONFIGURATION_NOT_FOUND:6943 in getCifsServerAuthStyle() at src/configuration_manager/secd_configuration_manager.cpp:1667
00000016.002b38e0 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.848]  ERR  :  RESULT_ERROR_SECD_CONFIGURATION_NOT_FOUND:6943 in getUserDetailsFromLdapResponse() at src/authorization/secd_ldap_unix_authorization.cpp:1509
00000016.002b38e1 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.851]  debug:  Translated into UserName: user1  { in getUserDetailsFromLdapResponse() at src/authorization/secd_ldap_unix_authorization.cpp:1525 }
00000016.002b38e2 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.855]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in getLdapValueLen() at src/utils/secd_ldap_utils.cpp:464
00000016.002b38e3 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.858]  ERR  :  LDAP returned 0 results for attribute uidNumber
00000016.002b38e4 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.862]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in getUserDetailsFromLdapResponse() at src/authorization/secd_ldap_unix_authorization.cpp:1528
00000016.002b38e5 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.864]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in getLdapUserInfo() at src/authorization/secd_ldap_unix_authorization.cpp:1099
00000016.002b38e6 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.888]  ERR  :  Failed to get user info for name 'user1' { in getPasswdInfoFromLdap() at src/authorization/secd_rpc_authorization.cpp:2667 }
00000016.002b38e7 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.889]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in getPasswdInfoFromLdap() at src/authorization/secd_rpc_authorization.cpp:2669
00000016.002b38e8 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.892]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in secd_rpc_ldap_get_passwd_1_svc_secd() at src/authorization/secd_rpc_authorization.cpp:2741
00000016.002b38e9 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.896]  debug:  SecD RPC Server sending reply to RPC 215: secd_rpc_ldap_get_passwd  { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:2259 }
00000016.002b38ea 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.008.936]  ERR  :  RESULT_ERROR_SECD_LDAP_ATTRIBUTE_MISSING:7054 in getFailureCode() at src/utils/secd_thread_task_journal.cpp:348
00000016.002b38eb 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.009.804]  debug:  Failed to get the operational state of vserver 4294967295 via DSMF: entry doesn't exist; so we are assuming it's running  { in getVserverOperState() at src/configuration_manager/secd_configuration_manager.cpp:2808 }
00000016.002b38ec 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.009.817]  ALERT:  sending EMS. Logging the RPC to secd.log  { in shouldLogInEms() at src/utils/secd_ems_utils.cpp:263 }
00000016.002b38ed 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] | [000.009.829]  debug:  Logged secd.unexpectedFailure to EMS  { in logEmsEventWithJournalForUnexpectedError() at src/utils/secd_ems_utils.cpp:1423 }
00000016.002b38ee 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |------------------------------------------------------------------------------.
00000016.002b38ef 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |                  RPC completed at Tue Feb 10 09:46:58 2026                   |
00000016.002b38f0 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] |              End of log for failed RPC secd_rpc_ldap_get_passwd              |
00000016.002b38f1 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994] '------------------------------------------------------------------------------'
00000016.002b38f2 07e0790e Tue Feb 10 2026 09:46:58 -05:00 [kern_secd:info:26994]

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.