Hello.

I'm experiencing an LDAP client problem on CentOS 7 after an upgrade of the
FreeIPA server from CentOS 8.2 (FreeIPA 4.8.4) to 8.3 (FreeIPA 4.8.7).

Here is what I was able to find. During login, nslcd on the client performs an
LDAP bind using the credentials provided by the user. Here are the nslcd debug logs:

against 4.8.4 server, working:

nslcd: [8b4567] <authc="myuser"> DEBUG: ldap_simple_bind_s("uid=myuser,cn=users,cn=compat,dc=my,dc=org","***") (uri="ldap://ipa2.my.org")
nslcd: [8b4567] <authc="myuser"> DEBUG: ldap_result(): uid=myuser,cn=users,cn=compat,dc=my,dc=org
nslcd: [8b4567] <authc="myuser"> DEBUG: ldap_unbind()
nslcd: [8b4567] <authc="myuser"> DEBUG: bind successful

against 4.8.7 server, not working:

nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_simple_bind_s("uid=myuser,cn=users,cn=compat,dc=my,dc=org","***") (uri="ldap://ipa3.my.org")
nslcd: [b0dc51] <authc="myuser"> ldap_result() failed: No such object
nslcd: [b0dc51] <authc="myuser"> uid=myuser,cn=users,cn=compat,dc=my,dc=org: lookup failed: No such object
nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_unbind()

I attempted to replicate what nslcd does using ldapsearch, and I could not find 
any difference between output from 4.8.4 and 4.8.7. I can bind as my user and 
run queries. I also checked the changelog between these server versions and 
could not find anything suspicious. Any suggestions how to deal with this? 
Thanks.
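
An added example, not part of the original post: a small Python helper that rejoins mail-wrapped nslcd debug records, groups them by the bracketed session id, and reports per session whether StartTLS was issued, which URI was contacted, and which step failed, so two captures can be compared field by field. The function names and the sample (built from the log lines quoted above) are constructed for illustration.

```python
import re

REC = re.compile(r'^nslcd: \[(?P<sid>[0-9a-f]+)\] <[^>]*> (?P<msg>.*)$')
URI = re.compile(r'\(uri="([^"]+)"')
FAIL = re.compile(r'(ldap_\w+\(\)|lookup) failed: (.+)$')

# Constructed sample: the two sessions quoted in the post, first record still mail-wrapped.
SAMPLE = '''\
nslcd: [8b4567] <authc="myuser"> DEBUG:
ldap_simple_bind_s("uid=myuser,cn=users,cn=compat,dc=my,dc=org","***")
(uri="ldap://ipa2.my.org")
nslcd: [8b4567] <authc="myuser"> DEBUG: ldap_unbind()
nslcd: [8b4567] <authc="myuser"> DEBUG: bind successful
nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_simple_bind_s("uid=myuser,cn=users,cn=compat,dc=my,dc=org","***") (uri="ldap://ipa3.my.org")
nslcd: [b0dc51] <authc="myuser"> ldap_result() failed: No such object
nslcd: [b0dc51] <authc="myuser"> uid=myuser,cn=users,cn=compat,dc=my,dc=org: lookup failed: No such object
nslcd: [b0dc51] <authc="myuser"> DEBUG: ldap_unbind()
'''

def unwrap(text):
    """Rejoin records that were wrapped onto continuation lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("nslcd: ["):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return {session_id: {starttls, uri, ok, errors}} for each nslcd session."""
    sessions = {}
    for rec in unwrap(text):
        m = REC.match(rec)
        if not m:
            continue
        s = sessions.setdefault(
            m["sid"], {"starttls": False, "uri": None, "ok": False, "errors": []})
        msg = m["msg"]
        if "ldap_start_tls_s()" in msg and "failed" not in msg:
            s["starttls"] = True
        if (u := URI.search(msg)):
            s["uri"] = u.group(1)
        if msg.endswith("bind successful"):
            s["ok"] = True
        if (f := FAIL.search(msg)):
            s["errors"].append((f.group(1), f.group(2)))  # (failing step, LDAP error text)
    return sessions

def differences(a, b):
    """Fields whose values differ between two session summaries."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```
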