Bug
Resolution: Unresolved
rhel-9.2.0
sst_idm_ds
ssg_idm
Description of problem: ldapsearch on cldap fails with error 'ldap_bind: No such object (32)'
Version-Release number of selected component (if applicable):
[root@server ~]# rpm -q ipa-server openldap-clients
ipa-server-4.10.1-2.el9.x86_64
openldap-clients-2.6.2-3.el9.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Install IPA Server on RHEL8.8/9.2
2. #ipa-adtrust-install
3. Run the LDAP command below.
ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=rhel88,dc=test' "(&(DnsDomain='dc=rhel88,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
Actual results:
1. On RHEL8.8 the command works fine post ipa-adtrust-install command.
[root@server ~]# /usr/bin/ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.46 (Aug 5 2021 12:21:38) $
[root@server ~]# ldapsearch -LL -H cldap://server.rhel92.test -b '' -s base 'dc=rhel92,dc=test' "(&(DnsDomain='dc=rhel92,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
version: 1
2. On RHEL9.2 the command fails with 'No such object' post ipa-adtrust-install command.
[root@server ~]# /usr/bin/ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.6.2 (Aug 5 2022 00:00:00)
[root@server ~]# ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=rhel88,dc=test' "(&(DnsDomain='dc=rhel88,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
ldap_bind: No such object (32)
3. On Fedora-36 the command fails with 'Can't contact LDAP server' post ipa-adtrust-install command.
[root@server ~]# /usr/bin/ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.6.3 (Aug 17 2022 00:00:00)
[root@server ~]# ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=fedora36,dc=test' "(&(DnsDomain='dc=fedora36,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
Expected results:
The command should succeed on RHEL9 and Fedora systems as seen in RHEL8.8.
Additional info:
ldapsearch command from RHEL8.8 to RHEL9.2 works fine, whereas it fails vice-versa.
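
Added example, not part of the original report and not code from OpenLDAP or IPA: a Python sketch that BER-encodes the search from the reproduction step as a single LDAP SearchRequest and sends it to UDP/389 with no bind operation, so the server's CLDAP responder can be checked independently of the ldapsearch client version. The NtVer and AAC values are taken from the filter above; the helper names, the requested `NetLogon` attribute and the DnsDomain value passed by the caller are assumptions.

```python
import socket

def tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def equality(attr: str, value: bytes) -> bytes:
    """Filter choice [3] equalityMatch: (attr=value)."""
    return tlv(0xA3, tlv(0x04, attr.encode()) + tlv(0x04, value))

def netlogon_ping(dns_domain: str, msg_id: int = 1) -> bytes:
    """LDAPMessage with a base-scope search on base '' (msg_id must be 1..127)."""
    flt = tlv(0xA0,                                    # [0] and
              equality("DnsDomain", dns_domain.encode())
              + equality("NtVer", b"\x06\x00\x00\x00")
              + equality("AAC", b"\x00\x00\x00\x00"))
    search = tlv(0x63,                                 # [APPLICATION 3] SearchRequest
                 tlv(0x04, b"")                        # baseObject ''
                 + tlv(0x0A, b"\x00")                  # scope: baseObject
                 + tlv(0x0A, b"\x00")                  # derefAliases: never
                 + tlv(0x02, b"\x00")                  # sizeLimit 0
                 + tlv(0x02, b"\x00")                  # timeLimit 0
                 + tlv(0x01, b"\x00")                  # typesOnly FALSE
                 + flt
                 + tlv(0x30, tlv(0x04, b"NetLogon")))  # requested attribute (assumed)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + search)

def first_op(msg: bytes) -> int:
    """protocolOp tag of the first LDAPMessage (0x64 = entry, 0x65 = done)."""
    i = 2 + (msg[1] & 0x7F if msg[1] & 0x80 else 0)    # skip outer SEQUENCE header
    return msg[i + 2 + msg[i + 1]]                     # skip the messageID INTEGER

def send_ping(host: str, dns_domain: str, timeout: float = 3.0) -> bytes:
    """Send one datagram to UDP/389 and return the raw reply; no bind is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(netlogon_ping(dns_domain), (host, 389))
        return s.recvfrom(4096)[0]
```

Calling `first_op(send_ping(host, domain))` against each server shows whether a search entry or only a result message comes back; a `socket.timeout` means no datagram was returned at all.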