TrueNAS Scale 22.02.1 - LDAP Directory Service Error

xenu

Dabbler
Joined
Nov 12, 2015
Messages
43
After updating TrueNAS Scale from 22.02.0.1 to 22.02.1 I can't connect the LDAP Directory Service anymore:
Code:
[2022/05/05 10:01:43] (WARNING) application.call_method():210 - Exception while calling ldap.update(*[{'hostname': ['ipa01.ipa.mydomain.com'], 'basedn': 'dc=ipa,dc=mydomain,dc=com', 'binddn': 'uid=truenas,cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com', 'enable': True, 'anonbind': False, 'ssl': 'ON', 'certificate': None, 'validate_certificates': True, 'disable_freenas_cache': False, 'kerberos_realm': 1, 'kerberos_principal': '', 'timeout': 30, 'dns_timeout': 30, 'has_samba_schema': False, 'auxiliary_parameters': 'base passwd cn=users,cn=accounts,dc=ipa,dc=mydomain,dc=com\nbase group cn=groups,cn=compat,dc=ipa,dc=mydomain,dc=com', 'schema': 'RFC2307'}])
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 175, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/service.py", line 574, in update
    rv = await self.middleware._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1129, in nf
    res = await f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
    return await func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1013, in do_update
    await self.middleware.call('ldap.ldap_validate', new, verrors)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 835, in ldap_validate
    await self.middleware.call('ldap.validate_credentials', data)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 1072, in validate_credentials
    await self.middleware.call('ldapclient.validate_credentials', client_conf)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1308, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1257, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1261, in nf
    return await func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 185, in validate_credentials
    await self.middleware.run_in_executor(self.thread_pool, self._open, data, True)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1169, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 328, in _open
    raise saved_error
  File "/usr/lib/python3/dist-packages/middlewared/plugins/ldap.py", line 307, in _open
    self._handle.sasl_gssapi_bind_s()
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 489, in sasl_gssapi_bind_s
    self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 477, in sasl_non_interactive_bind_s
    self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 467, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 331, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 315, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 115, 'info': '(unknown error code)'}

Manually doing a "ldapsearch" from CLI works fine. DNS also works fine. Disabling certificate validation in LDAP settings did not help (I tried as there was something about legacy certificates in the update notes).
Booting back into 22.02.0.1 and LDAP DS is working as expected again.

Jira issue: https://jira.ixsystems.com/browse/NAS-116046
 

xenu

Found a workaround/solution. See Jira issue.
 