After updating TrueNAS Scale from 22.02.0.1 to 22.02.1 I can't connect the LDAP Directory Service anymore:
Manually doing a "ldapsearch" from CLI works fine. DNS also works fine. Disabling certificate validation in LDAP settings did not help (I tried as there was something about legacy certificates in the update notes).
Booting back into 22.02.0.1 and LDAP DS is working as expected again.
Jira issue: https://jira.ixsystems.com/browse/NAS-116046
Code:
[2022/05/05 10:01:43] (WARNING) application.call_method():210 - Exception while calling ldap.update(*[{'hostname': ['ipa01.ipa.mydomain.com'], 'basedn': 'dc=ipa,dc=mydomain,dc=com', 'binddn': 'uid=truenas,cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com', 'enable': True, 'anonbind': False, 'ssl': 'ON', 'certificate': None, 'validate_certificates': True, 'disable_freenas_cache': False, 'kerberos_realm': 1, 'kerberos_principal': '', 'timeout': 30, 'dns_timeout': 30, 'has_samba_schema': False, 'auxiliary_parameters': 'base passwd cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com\nbase group cn=groups,cn=compat,dc=ipa,dc=mydomain,dc=com', 'schema': 'RFC2307'}])
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 175, in call_method
result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/service.py", line 574, in update
rv = await self.middleware._call(
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1129, in nf
res = await f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
return await func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1013, in do_update
await self.middleware.call('ldap.ldap_validate', new, verrors)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
return await self._call(
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 835, in ldap_validate
await self.middleware.call('ldap.validate_credentials', data)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
return await self._call(
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1072, in validate_credentials
await self.middleware.call('ldapclient.validate_credentials', client_conf)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
return await self._call(
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
return await methodobj(*prepared_call.args)
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
return await func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 185, in validate_credentials
await self.middleware.run_in_executor(self.thread_pool, self._open, data, True)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1169, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 328, in _open
raise saved_error
File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 307, in _open
self._handle.sasl_gssapi_bind_s()
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 489, in sasl_gssapi_bind_s
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 477, in sasl_non_interactive_bind_s
self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 467, in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 331, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 315, in _ldap_call
result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 115, 'info': '(unknown error code)'}Manually doing a "ldapsearch" from CLI works fine. DNS also works fine. Disabling certificate validation in LDAP settings did not help (I tried as there was something about legacy certificates in the update notes).
Booting back into 22.02.0.1 and LDAP DS is working as expected again.
Jira issue: https://jira.ixsystems.com/browse/NAS-116046
Last edited:
