Hello, all: I'm using IPA 3.0.0-26 on CentOS 6.4:
ipa-server-3.0.0-26.el6_4.4.x86_64 ipa-client-3.0.0-26.el6_4.4.x86_64 ipa-server-selinux-3.0.0-26.el6_4.4.x86_64 kernel: 2.6.32-358.18.1.el6.x86_64 My current setup has four masters replicating to each other and I seem to have run into a problem with ldapwhoami on my clients. $ ldapwhoami SASL/GSSAPI authentication started SASL username: [email protected] SASL SSF: 56 SASL data security layer installed. ldap_parse_result: Protocol error (2) additional info: unsupported extended operation Result: Protocol error (2) Additional info: unsupported extended operation The slapd log on one of my masters shows: [15/May/2014:10:22:01 -0400] conn=35293 fd=95 slot=95 connection from 10.203.1.121 to 10.203.1.221 [15/May/2014:10:22:01 -0400] conn=35293 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [15/May/2014:10:22:01 -0400] conn=35293 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [15/May/2014:10:22:01 -0400] conn=35293 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [15/May/2014:10:22:01 -0400] conn=35293 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress [15/May/2014:10:22:01 -0400] conn=35293 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [15/May/2014:10:22:01 -0400] conn=35293 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testuser,cn=users,cn=accounts,dc=example,dc=com" [15/May/2014:10:22:01 -0400] conn=35293 op=3 EXT oid="1.3.6.1.4.1.4203.1.11.3" [15/May/2014:10:22:01 -0400] conn=35293 op=3 RESULT err=2 tag=120 nentries=0 etime=0 [15/May/2014:10:22:01 -0400] conn=35293 op=4 UNBIND [15/May/2014:10:22:01 -0400] conn=35293 op=4 fd=95 closed - U1 This is a partial debug from the ldapwhoami command: ldap_read: want=36, got=36 0000: 01 02 04 00 04 1e 75 6e 73 75 70 70 6f 72 74 65 ......unsupporte 0010: 64 20 65 78 74 65 6e 64 65 64 20 6f 70 65 72 61 d extended opera 0020: 74 69 6f 6e tion ber_get_next: tag 0x30 len 42 contents: ber_dump: buf=0x834e888 ptr=0x834e888 end=0x834e8b2 len=42 0000: 02 01 04 78 25 0a 01 02 04 00 04 1e 75 6e 73 75 ...x%.......unsu 0010: 70 70 6f 72 74 65 64 20 65 78 74 65 6e 64 65 64 pported extended 0020: 20 6f 70 65 72 61 74 69 6f 6e operation read1msg: ld 0x83410e0 msgid 4 message type extended-result ber_scanf fmt ({eAA) ber: ber_dump: buf=0x834e888 ptr=0x834e88b end=0x834e8b2 len=39 0000: 78 25 0a 01 02 04 00 04 1e 75 6e 73 75 70 70 6f x%.......unsuppo 0010: 72 74 65 64 20 65 78 74 65 6e 64 65 64 20 6f 70 rted extended op 0020: 65 72 61 74 69 6f 6e eration read1msg: ld 0x83410e0 0 new referrals read1msg: mark request completed, ld 0x83410e0 msgid 4 request done: ld 0x83410e0 msgid 4 res_errno: 2, res_error: <unsupported extended operation>, res_matched: <> ldap_free_request (origid 4, msgid 4) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x834e888 ptr=0x834e88b end=0x834e8b2 len=39 0000: 78 25 0a 01 02 04 00 04 1e 75 6e 73 75 70 70 6f x%.......unsuppo 0010: 72 74 65 64 20 65 78 74 65 6e 64 65 64 20 6f 70 rted extended op 0020: 65 72 61 74 69 6f 6e eration ber_scanf fmt (}) ber: ber_dump: buf=0x834e888 ptr=0x834e8b2 end=0x834e8b2 len=0 ldap_err2string ldap_parse_result: Protocol error (2) additional info: unsupported extended operation ldap_err2string Result: Protocol error (2) Additional info: unsupported extended operation Any help you can offer to guide me in fixing this problem would be appreciated. Thank you for your time! Trevor T. Kates CONFIDENTIALITY NOTICE: This electronic message contains information which may be legally confidential and or privileged and does not in any case represent a firm ENERGY COMMODITY bid or offer relating thereto which binds the sender without an additional express written confirmation to that effect. The information is intended solely for the individual or entity named above and access by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
