02-20-2018 09:46 AM
We have about 42 c-class enclosure switches C8S47A in our SAN environment, discovered in BNA. Most of these switches were at 7.2.x or 7.3.x. Our plan was to upgrade all of them to 8.1.2a using BNA's parallel firmware upgrade feature. All the switches were successfully upgraded to 8.0.2d following the upgrade path of 7.2.x -> 7.3.x -> 7.4.x -> 8.0.2d. Now, after upgrading about 12 switches to 8.1.2a, we are seeing a peculiar problem: we are not able to log in to the switch using our LDAP accounts. The local admin account works just fine. Also, while troubleshooting, I tried to remove the mapped roles and add them back using the ldapcfg command, but what I noticed was that once I remove and then add back the role, some null entries get added to the maprole list, which prevents me from mapping more than 2 groups. The LDAP authentication works for these 2 added groups.
Any idea what is going on?
05-21-2018 11:06 AM
There was an issue with FOS updates to 8.1.2a for users of LDAP authentication. Here is the defect number:
DEFECT000635352 - Configuration for "ldap --mapattr" option was not handled correctly during firmware upgrade and downgrade, which may lead to LDAP authentication failure.
It was corrected in 8.1.2b. Users of LDAP should not upgrade to 8.1.2a. There is also more information in the FOS Upgrade Path document that gives the correct path to upgrade from 7.x versions.
If you are already there, you have to manually edit the config file for LDAP to fix it. I recommend contacting support to get exact instructions on how to correct this and where the files are located.