RHEL-4927

ldapsearch on cldap fails with error 'ldap_bind: No such object (32)/ldap_sasl_interactive_bind: Can't contact LDAP server (-1)'

      Description of problem: ldapsearch on cldap fails with error 'ldap_bind: No such object (32)'

      Version-Release number of selected component (if applicable):
      [root@server ~]# rpm -q ipa-server openldap-clients
      ipa-server-4.10.1-2.el9.x86_64
      openldap-clients-2.6.2-3.el9.x86_64

      How reproducible:
      Always

      Steps to Reproduce:
      1. Install IPA Server on RHEL8.8/9.2
      2. #ipa-adtrust-install
      3. Run the below ldap command.

      ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=rhel88,dc=test' "(&(DnsDomain='dc=rhel88,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"

      Actual results:
      1. On RHEL8.8 the command works fine post ipa-adtrust-install command.

      [root@server ~]# /usr/bin/ldapsearch -VV
      ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.46 (Aug 5 2021 12:21:38) $

      [root@server ~]# ldapsearch -LL -H cldap://server.rhel92.test -b '' -s base 'dc=rhel92,dc=test' "(&(DnsDomain='dc=rhel92,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
      version: 1

      2. On RHEL9.2 the command fails with 'No such object' post ipa-adtrust-install command.

      [root@server ~]# /usr/bin/ldapsearch -VV
      ldapsearch: @(#) $OpenLDAP: ldapsearch 2.6.2 (Aug 5 2022 00:00:00)

      [root@server ~]# ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=rhel88,dc=test' "(&(DnsDomain='dc=rhel88,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
      ldap_bind: No such object (32)

      3. On Fedora-36 the command fails with 'Can't contact LDAP server' post ipa-adtrust-install command.

      [root@server ~]# /usr/bin/ldapsearch -VV
      ldapsearch: @(#) $OpenLDAP: ldapsearch 2.6.3 (Aug 17 2022 00:00:00)

      [root@server ~]# ldapsearch -LL -H cldap://server.rhel88.test -b '' -s base 'dc=fedora36,dc=test' "(&(DnsDomain='dc=fedora36,dc=test')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
      ldap_sasl_interactive_bind: Can't contact LDAP server (-1)

      Expected results:
      The command should succeed on RHEL9 and Fedora systems as seen in RHEL8.8.

      Additional info:
      The ldapsearch command from RHEL8.8 to RHEL9.2 works fine, whereas it fails vice versa.

            spichugi@redhat.com Simon Pichugin
            sumenon@redhat.com Sudhir Menon