Simon Pichugin wrote:
> Hi folks,
> I am currently experiencing an issue with IPA Server set up on Fedora 36,
> using ipa-adtrust-install, and I'm unsure if this is due to a bug or
> misconfiguration on my part.
>
> Here's what I've done:
>
> I ran the following ldapsearch command:
>
> ldapsearch -LL -H cldap://server.example.com
> -b '' -s base 'dc=example,dc=com'
> "(&(DnsDomain='dc=example,dc=com')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"
>
> On OpenLDAP 2.4.46, it was working fine, and it gave an output.
> But OpenLDAP 2.6.2 and 2.6.4 fail with No such object (32) error.
>
> I used gdb to investigate and found that the error occurred here:
> https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/common.c#L1530-1535
>
> It executes ldap_sasl_interactive_bind, but it exits right in the beginning:
> https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/sasl.c#L445-455
>
> So back at:
> https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/common.c#L1530-1535
> It exits the do-while loop right away and leaves with no result.
>
> I'm wondering if I missed something or if there was an oversight in the
> implementation of this RFC, specifically regarding the CLDAP case:
> https://git.openldap.org/openldap/openldap/-/commit/2ae62e86bc8ffab713fc4897f38461c31f2c79a8

cldap doesn't support authentication or authorization of any kind. Just add "-x" to your
ldapsearch invocation.

> Looking forward to your thoughts!
>
> Best Regards,
> Simon
> --

--
Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/