https://bugs.openldap.org/show_bug.cgi?id=10049
Issue ID: 10049
Summary: ldapsearch can't contact LDAP
Product: OpenLDAP
Version: 2.4.44
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: w3eagle@yahoo.com
Target Milestone: ---
Quanah Gibson-Mount quanah@openldap.org changed:
Resolution: --- -> INVALID
Keywords: needs_review -> (removed)
Status: UNCONFIRMED -> RESOLVED
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- The ITS system is for reporting bugs, not asking help questions. If you are unsure how to use the basic command line tools, please subscribe to the openldap-technical@openldap.org email list and then send your message there.
Quanah Gibson-Mount quanah@openldap.org changed:
Status: RESOLVED -> VERIFIED
--- Comment #2 from w3eagle@yahoo.com --- Version used: 2.4.44 (the one in Amazon2 core). OS: AWS Linux2
Details: Users reported occasional issues with AD server authentication with MicroStrategy. We opened a case with MicroStrategy and learnt that they use the OpenLDAP library for the AD authentication. We were able to reproduce the issue with ldapsearch like below.
ldapsearch -H ldaps://$REMOTEHOST:$REMOTEPORT \
  -x -D "CN=??????" \
  -y pssd.txt -LLL \
  -b "OU=???????" "(sAMAccountName=????)" dn
We use crontab to query AD once every minute, and we were able to see a few issues each day; the error rate is more than 1/1000 but less than 1/100. The error looks like below:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Not much info was logged other than this.
We tried all kinds of stuff but it didn't help, e.g. the ldap.conf settings to ignore cert validation, simplifying the cert folder files, and the like.
We think perhaps TLS might be the issue, so we set up an nginx node within the same VPC, which communicates with the AD server over TLS but terminates TLS and talks to the other EC2 in clear text. We were not able to see any errors.
So we have proved that, for some reason, ldapsearch over ldaps fails with a low percentage.
Not sure if this is a known issue.
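As an added example (not from this ITS thread or the OpenLDAP project), the following cron-friendly probe repeats the reporter's query, records each outcome so the failure rate can be measured, and on a "Can't contact LDAP server" failure captures libldap debug output plus an independent openssl handshake, so that the TLS library underneath libldap can be examined. REMOTEHOST, REMOTEPORT, BIND_DN, BASE_DN and SAM are assumed environment values.

```shell
#!/bin/sh
# Added example, not from the ITS thread: a cron-friendly probe that repeats the
# reporter's ldapsearch query, records the outcome, and on a "Can't contact"
# failure captures libldap debug output plus an independent openssl handshake so
# the TLS layer (which OpenLDAP does not implement itself) can be examined.
# REMOTEHOST, REMOTEPORT, BIND_DN, BASE_DN and SAM are assumed environment values.
: "${LOG:=ldap-probe.log}"          # one "timestamp kind" line per run
: "${DIAG:=ldap-probe-diag}"        # prefix for captured diagnostics

# Classify ldapsearch's stderr: "contact" is the -1 failure from the report,
# "auth" a credential problem, "ok" an empty stderr, "other" anything else.
classify_ldap_error() {
    case "$1" in
        "")                            echo ok ;;
        *"Can't contact LDAP server"*) echo contact ;;
        *"Invalid credentials"*)       echo auth ;;
        *)                             echo other ;;
    esac
}

# Failures per mille over the log (integer), e.g. 3 of 1440 runs -> 2.
failure_per_mille() {
    awk '$2 != "ok" { f++ } END { printf "%d\n", (NR ? f * 1000 / NR : 0) }' "$1"
}

probe_once() {
    # Keep only stderr; stdout (the DN) is not needed for the probe.
    err=$(ldapsearch -H "ldaps://$REMOTEHOST:$REMOTEPORT" -x -D "$BIND_DN" \
              -y pssd.txt -LLL -b "$BASE_DN" "(sAMAccountName=$SAM)" dn \
              2>&1 >/dev/null)
    kind=$(classify_ldap_error "$err")
    echo "$(date -u +%FT%TZ) $kind" >> "$LOG"
    if [ "$kind" = contact ]; then
        # -d -1 enables all libldap debug output, including its TLS messages.
        ldapsearch -d -1 -H "ldaps://$REMOTEHOST:$REMOTEPORT" -x -D "$BIND_DN" \
            -y pssd.txt -LLL -b "$BASE_DN" "(sAMAccountName=$SAM)" dn \
            > "$DIAG.ldap.$$" 2>&1
        # Independent handshake through openssl, bypassing libldap entirely.
        echo Q | openssl s_client -connect "$REMOTEHOST:$REMOTEPORT" \
            -servername "$REMOTEHOST" > "$DIAG.tls.$$" 2>&1
    fi
}

# Run as "sh ldap-probe.sh run" from cron; sourcing it only defines the functions.
if [ "${1:-}" = run ]; then
    probe_once
fi
```

Comparing the captured openssl transcript with the libldap debug output for the same failing minute shows whether the handshake itself fails or only libldap's use of the TLS library does.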
--- Comment #3 from Howard Chu hyc@openldap.org --- This ticket is already closed and invalid.
Note that OpenLDAP contains no TLS code of its own. Since it appears you're having trouble related to TLS, you need to look into the TLS library that your binaries are built with.
There will be no further replies on this ticket.
--- Comment #4 from Howard Chu hyc@openldap.org --- *** Issue 10051 has been marked as a duplicate of this issue. ***