Bad IDSYS or Policy
- Rumena Zlatkova (Deactivated)
- Bala Harish A(AC)
- Kyle Miller (Deactivated)
- Jamshid Afshar
Incorrect IDYSYS Error
If you write an incorrect IDSYS to a tenant or a storage domain, subsequent attempts to access the system return an HTTP 503 error. This is an example response:
HTTP/1.1 503 Service Unavailable
Server: CAStor Cluster/6.5.4
Via: 1.1 172.16.99.70 (Cloud Gateway SCSP/2.2)
Gateway-Request-Id: D9DF0347CB7EAAE9
Gateway-Error-Message: Unable to connect to identity system
ldap://172.16.99.20:636 as cn=gateways,dc=caringo,dc=com:
javax.naming.ServiceUnavailableException: 172.30.0.42:636; socket closed
Content-Length: 44
Identity system failure or misconfigurationTo work around this, authenticate as a qualified user defined in the tenant IDSYS or the root IDSYS and replace the bad IDSYS. For example, if the user admin exists in the root IDSYS, write a corrected version of the storage domain's IDSYS and authenticate the request as user "admin@".
Warning
If you write an incorrect Policy to a tenant or storage domain, you can lock yourself out.
Workaround
To work around a Policy problem, authenticate with a "!" (exclamation point) prefix on the user name and replace the bad Policy. For example, if the user admin exists in the root IDSYS and the storage domain's Policy has denied access to all users, write a corrected version of the Policy to the storage domain by authenticating as "!admin@".
For more information, see IDSYS Document Format.
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.