After updating TrueNAS Scale from 22.02.0.1 to 22.02.1 I can't connect the LDAP Directory Service anymore:
Manually doing a "ldapsearch" from CLI works fine. DNS also works fine. Disabling certificate validation in LDAP settings did not help (I tried as there was something about legacy certificates in the update notes).
Booting back into 22.02.0.1 and LDAP DS is working as expected again.
Jira issue: https://jira.ixsystems.com/browse/NAS-116046
Code:
[2022/05/05 10:01:43] (WARNING) application.call_method():210 - Exception while calling ldap.update(*[{'hostname': ['ipa01.ipa.mydomain.com'], 'basedn': 'dc=ipa,dc=mydomain,dc=com', 'binddn': 'uid=truenas,cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com', 'enable': True, 'anonbind': False, 'ssl': 'ON', 'certificate': None, 'validate_certificates': True, 'disable_freenas_cache': False, 'kerberos_realm': 1, 'kerberos_principal': '', 'timeout': 30, 'dns_timeout': 30, 'has_samba_schema': False, 'auxiliary_parameters': 'base passwd cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com\nbase group cn=groups,cn=compat,dc=ipa,dc=mydomain,dc=com', 'schema': 'RFC2307'}])
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 175, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/service.py", line 574, in update
    rv = await self.middleware._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1129, in nf
    res = await f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
    return await func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1013, in do_update
    await self.middleware.call('ldap.ldap_validate', new, verrors)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 835, in ldap_validate
    await self.middleware.call('ldap.validate_credentials', data)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1072, in validate_credentials
    await self.middleware.call('ldapclient.validate_credentials', client_conf)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
    return await func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 185, in validate_credentials
    await self.middleware.run_in_executor(self.thread_pool, self._open, data, True)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1169, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 328, in _open
    raise saved_error
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 307, in _open
    self._handle.sasl_gssapi_bind_s()
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 489, in sasl_gssapi_bind_s
    self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 477, in sasl_non_interactive_bind_s
    self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 467, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 331, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 315, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 115, 'info': '(unknown error code)'}