LDAP users unable to login to NSX
Article ID: 374995
Updated On:
Products
Issue/Introduction
Login fails when an LDAP user attempts to login to the NSX UI after the domain was edited to change it's case
Environment
VMware NSX 4.x
VMware NSX-T 3.x
Cause
When LDAP users login, NSX must validate their identity from the LDAP source configured within NSX. A processing error in this workflow within NSX causes this error to occur.
Once an LDAP source is configured in NSX, if the user decides to edit this and change the case of the domain name, then existing LDAP users will be unable to access the NSX UI.
The following logline will be observed in the api_server.log file for the policy service:
2024-06-18T18:29:04.912Z napi.rest_routine_rbac_utils INFO Insufficient privileges invoking GET /api/v1/sites/self by [email protected] (######) in groups '['group', 'group2', 'group3']'
Resolution
This can be remedied by editing the LDAP Identity Source and restoring the case of the domain name as it was previously. Additionally, the next release of NSX will contain a software fix for this issue.
Feedback
