Unable to add more than one LDAP server to the same LDAP Identity source in NSX

Article ID: 417165

Updated On:

Products

VMware NSX

Issue/Introduction

  • The following error is encountered when two LDAP servers are added to the same LDAP Identity Source: "Error: The protocol (LDAP/LDAPS), use_starttls, bind_dn and password properties must be identical on all LDAP servers in an LDAP Identity Source. (Error code: 53011)".
  • The log entries below can be seen in /var/log/syslog on the NSX Manager; note that the bind_dn (bind_identity) values of the two servers are not identical.
    <Timestamp> NSX 77446 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId=<reqID> splitId="sQcPFaM5" splitIndex="1 of 2" subcomp="manager" update="true" username="admin"] UserName="admin", Src="<src-IP>", ModuleName="LdapIdentitySources", Operation="CreateOrUpdateLdapIdentitySource", Operation status="failure", New value=[<LDAP_Identity_Source_name> {"resolve_nested_groups":true,"group_cache_ttl":60,"resource_type":"ActiveDirectoryIdentitySource","id":"<Identitiy-source-name>","display_name":"<Identity-source-name>","domain_name":"<domain-name>","alternative_domain_names":<alternate_domain_name>,"base_dn":<Base_dn>,"ldap_servers":[{"url":"LDAPS://<LDAP-server-1>:636","use_starttls":false,"certificates":["-----BEGIN CERTIFICATE-----......-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----......\n-----END CERTIFICATE-----"],"bind_identity":"bind_Identity.example.com","enabled":true},{"url":"LDAPS://<LDAP-server-2>:636","use_starttls":false,"certificates":
    <Timestamp> NSX 77446 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId=<reqID> splitId="sQcPFaM5" splitIndex="2 of 2" subcomp="manager" update="true" username="admin"] ["-----BEGIN CERTIFICATE-----\n....-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n......\n-----END CERTIFICATE-----"],"bind_identity":"bind_Identity.example.in","enabled":true}],"_system_owned":false,"_create_time":1759997630347,"_last_modified_time":1761226400491,"_last_modified_user":"admin","_create_user":"admin","_revision":20}]

Environment

VMware NSX

Cause

Misconfiguration: the reported error is raised when any of the following properties differ between the LDAP servers of one LDAP Identity Source: protocol (LDAP/LDAPS), use_starttls, bind_dn, or password.

Resolution

The protocol (LDAP/LDAPS), use_starttls, bind_dn and password properties must be identical on all LDAP servers in an LDAP Identity Source. Correct the property that differs (bind_identity in the log excerpt above) so that every server in the Identity Source uses the same value.
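A pre-flight check that applies the same consistency rule to an identity-source payload before it is submitted, so the mismatched property is reported by name instead of as error 53011. This is an added example, not VMware code; the payload below is constructed in the shape of the LdapIdentitySource body in the syslog excerpt, with placeholder hosts, DNs and bind identities.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed payload shaped like the LdapIdentitySource body in the syslog
# excerpt above; hosts, DNs, bind identities and the password are placeholders.
SAMPLE_SOURCE = {
    "resource_type": "ActiveDirectoryIdentitySource",
    "id": "example-ad",
    "domain_name": "example.com",
    "base_dn": "dc=example,dc=com",
    "ldap_servers": [
        {"url": "LDAPS://ldap-1.example.com:636", "use_starttls": False,
         "bind_identity": "bind_Identity.example.com", "password": "<placeholder>"},
        {"url": "ldaps://ldap-2.example.com:636", "use_starttls": False,
         "bind_identity": "bind_Identity.example.in", "password": "<placeholder>"},
    ],
}

def protocol_of(url):
    """Scheme of the server URL (ldap or ldaps), case-folded so LDAPS:// == ldaps://."""
    return urlsplit(url).scheme.lower()

def server_view(server):
    """The four properties NSX requires to be identical across servers (error 53011).
    The error text calls the bind account bind_dn, the API payload bind_identity;
    either key is accepted. The password is compared by a short fingerprint so the
    secret itself is never echoed in the report."""
    return {
        "protocol": protocol_of(server.get("url", "")),
        "use_starttls": server.get("use_starttls"),
        "bind_dn": server.get("bind_identity", server.get("bind_dn")),
        "password": hashlib.sha256(str(server.get("password")).encode()).hexdigest()[:8],
    }

def find_mismatches(source):
    """Return {property: [value per server]} for each property that differs between
    the ldap_servers entries; an empty dict means the payload passes the rule."""
    views = [server_view(s) for s in source.get("ldap_servers", [])]
    if len(views) < 2:
        return {}
    return {key: [v[key] for v in views]
            for key in views[0]
            if len({v[key] for v in views}) > 1}

if __name__ == "__main__":
    for prop, values in find_mismatches(SAMPLE_SOURCE).items():
        print(f"{prop} differs across servers: {values}")
```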