-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-10.0
-
Yes
-
Important
-
rhel-idm-ds
-
ssg_idm
-
0
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
All
-
None
In RHEL 8/9/10, a specific filter has stopped returning results: (&(cn:dn:=groups))
[root@s01 ~]# ldapsearch -LLL -Y GSSAPI -H ldap://s01.ipa1.lab.int/ -b cn=groups,cn=accounts,dc=ipa1,dc=lab,dc=int '(&(cn:dn:=groups))'|wc -l
SASL/GSSAPI authentication started
SASL username: admin@IPA1.LAB.INT
SASL SSF: 256
SASL data security layer installed.
0 <---------
[root@s01 ~]#
[05/May/2025:09:20:07.768830371 -0400] conn=3009 fd=248 slot=248 connection from 192.168.202.246 to 192.168.202.246 [05/May/2025:09:20:07.773744731 -0400] conn=3009 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:20:07.776355828 -0400] conn=3009 op=0 RESULT err=14 tag=97 nentries=0 wtime=0.000173699 optime=0.002613962 etime=0.002786203, SASL bind in progress [05/May/2025:09:20:08.024672227 -0400] conn=3009 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:20:08.026675248 -0400] conn=3009 op=1 RESULT err=14 tag=97 nentries=0 wtime=0.000066180 optime=0.002010682 etime=0.002075511, SASL bind in progress [05/May/2025:09:20:08.275160475 -0400] conn=3009 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:20:08.275851379 -0400] conn=3009 op=2 RESULT err=0 tag=97 nentries=0 wtime=0.000103357 optime=0.000698556 etime=0.000800562 dn="uid=admin,cn=users,cn=accounts,dc=ipa1,dc=lab,dc=int" [05/May/2025:09:20:08.525751926 -0400] conn=3009 op=3 SRCH base="cn=groups,cn=accounts,dc=ipa1,dc=lab,dc=int" scope=2 filter="(&(cn:dn:=groups))" attrs=ALL [05/May/2025:09:20:08.526566427 -0400] conn=3009 op=4 UNBIND [05/May/2025:09:20:08.526582518 -0400] conn=3009 op=4 fd=248 Disconnect - Cleanly Closed Connection - U1 [05/May/2025:09:20:08.526941828 -0400] conn=3009 op=3 RESULT err=0 tag=101 nentries=0 wtime=0.000205617 optime=0.001192725 etime=0.001396281
Modifying the filter slightly returns results:
[root@s01 ~]# ldapsearch -LLL -Y GSSAPI -H ldap://s01.ipa1.lab.int/ -b cn=groups,cn=accounts,dc=ipa1,dc=lab,dc=int '(cn:dn:=groups)'|wc -l
SASL/GSSAPI authentication started
SASL username: admin@IPA1.LAB.INT
SASL SSF: 256
SASL data security layer installed.
149 <---------
[root@s01 ~]#
[05/May/2025:09:18:30.071124678 -0400] conn=3008 fd=248 slot=248 connection from 192.168.202.246 to 192.168.202.246 [05/May/2025:09:18:30.076610100 -0400] conn=3008 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:18:30.079425455 -0400] conn=3008 op=0 RESULT err=14 tag=97 nentries=0 wtime=0.000195741 optime=0.002819761 etime=0.003014199, SASL bind in progress [05/May/2025:09:18:30.327907621 -0400] conn=3008 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:18:30.336391621 -0400] conn=3008 op=1 RESULT err=14 tag=97 nentries=0 wtime=0.000147278 optime=0.008470898 etime=0.008612653, SASL bind in progress [05/May/2025:09:18:30.337247195 -0400] conn=3008 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [05/May/2025:09:18:30.339707225 -0400] conn=3008 op=2 RESULT err=0 tag=97 nentries=0 wtime=0.000107146 optime=0.002468513 etime=0.002570892 dn="uid=admin,cn=users,cn=accounts,dc=ipa1,dc=lab,dc=int" [05/May/2025:09:18:30.588880087 -0400] conn=3008 op=3 SRCH base="cn=groups,cn=accounts,dc=ipa1,dc=lab,dc=int" scope=2 filter="(cn:dn:=groups)" attrs=ALL [05/May/2025:09:18:30.600091635 -0400] conn=3008 op=3 RESULT err=0 tag=101 nentries=9 wtime=0.000426347 optime=0.011217832 etime=0.011636488 [05/May/2025:09:18:30.604712594 -0400] conn=3008 op=4 UNBIND [05/May/2025:09:18:30.604766523 -0400] conn=3008 op=4 fd=248 Disconnect - Cleanly Closed Connection - U1