I am currently experiencing an issue with IPA Server set up on Fedora 36, using ipa-adtrust-install, and I'm unsure if this is due to a bug or misconfiguration on my part.

Here's what I've done:

I ran the following ldapsearch command:

    ldapsearch -LL -H cldap://server.example.com -b '' -s base 'dc=example,dc=com' "(&(DnsDomain='dc=example,dc=com')(NtVer=\x06\x00\x00\x00)(AAC=\x00\x00\x00\x00))"

On OpenLDAP 2.4.46, it was working fine, and it gave an output.
But OpenLDAP 2.6.2 and 2.6.4 fails with No such object (32) error.

I used gdb to investigate and found that the error occurred here:
https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/common.c#L1530-1535

It executes ldap_sasl_interactive_bind, but it exits right in the beginning:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/sasl.c#L445-455

So back at:
https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/common.c#L1530-1535
It exists the do-while loop right away and leaves with no result.

I'm wondering if I missed something or if there was an oversight in the implementation of this RFC, specifically regarding the CLDAP case:
https://git.openldap.org/openldap/openldap/-/commit/2ae62e86bc8ffab713fc4897f38461c31f2c79a8

Looking forward to your thoughts!

Best Regards,

Simon