Bad IDSYS or Policy

Owned by Rumena Zlatkova (Deactivated)
Last updated: Dec 21, 2023 by Bala Harish A(AC)
1 min read

Incorrect IDYSYS Error

If you write an incorrect IDSYS to a tenant or a storage domain, subsequent attempts to access the system return an HTTP 503 error. This is an example response:

HTTP/1.1 503 Service Unavailable Server: CAStor Cluster/6.5.4 Via: 1.1 172.16.99.70 (Cloud Gateway SCSP/2.2) Gateway-Request-Id: D9DF0347CB7EAAE9  Gateway-Error-Message: Unable to connect to identity system  ldap://172.16.99.20:636 as cn=gateways,dc=caringo,dc=com: javax.naming.ServiceUnavailableException: 172.30.0.42:636; socket closed Content-Length: 44 Identity system failure or misconfiguration

To work around this, authenticate as a qualified user defined in the tenant IDSYS or the root IDSYS and replace the bad IDSYS. For example, if the user admin exists in the root IDSYS, write a corrected version of the storage domain's IDSYS and authenticate the request as user "admin@".

Warning

If you write an incorrect Policy to a tenant or storage domain, you can lock yourself out.

Workaround

To work around a Policy problem, authenticate with a "!" (exclamation point) prefix on the user name and replace the bad Policy. For example, if the user admin exists in the root IDSYS and the storage domain's Policy has denied access to all users, write a corrected version of the Policy to the storage domain by authenticating as "!admin@".

For more information, see IDSYS Document Format.

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.