
OPERATIONAL DEFECT DATABASE
...

...
When using the "Test Generic LDAP Settings" feature, the detailed output shows that the LDAP BIND failed and that the BIND Distinguished Name (DN) is truncated.
This impacts IPA and any other LDAP implementation where the DN of user objects starts with uid=.
This behavior is fixed in iDRAC10 Firmware release 1.20.80.50.

NOTE: IPA server returns two objects for User search. The first is for the IPA object and the second is for Posix Compatibility.

"uid=test_user,cn=users,cn=accounts,dc=example,dc=com"
"uid=test_user,cn=users,cn=compat,dc=example,dc=com"

This means that iDRAC must have a search constraint specified so that only one object is returned from the user search. One example is to specify SearchFilter=objectClass=inetorgperson

[Key=idrac.Embedded.1#LDAP.1]
BaseDN=dc=example,dc=com
BindDN=uid=ldap_service,cn=users,cn=accounts,dc=example,dc=com
!!BindPassword=******** (Write-Only)
CertValidationEnable=Disabled
Connection=LDAPS
Enable=Enabled
GroupAttribute=member
GroupAttributeIsDN=Enabled
Port=636
RSASecurID2FALDAP=Disabled
SearchFilter=objectClass=inetorgperson <----
Server=ipa-server.example.com
UserAttribute=uid
UUIDLDAPAttr=ipaUniqueID
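
Added example (not part of the original article and not Dell code): a Python check that parses the LDIF output of a user search and lists which DNs match with and without the SearchFilter shown above. The embedded LDIF is constructed and its objectClass values are assumptions; parse_ldif and matching_dns are hypothetical helper names.

```python
# Constructed sample: LDIF such as a search for uid=test_user might return.
# The objectClass values are assumptions for illustration, not server output.
SAMPLE_LDIF = """\
dn: uid=test_user,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: inetorgperson
objectClass: posixaccount
uid: test_user

dn: uid=test_user,cn=users,cn=compat,dc=example,dc=com
objectClass: top
objectClass: posixAccount
uid: test_user
"""


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into a list of (dn, {attr: [values]})."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        # A line starting with a space continues the previous line; unfold it.
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def matching_dns(entries, user_attribute, username, search_filter=None):
    """Return DNs where UserAttribute=username and the attr=value filter match."""
    def has(attrs, name, value):
        # Attribute names and these values are compared case-insensitively.
        return value.lower() in (v.lower() for v in attrs.get(name.lower(), []))

    conditions = [(user_attribute, username)]
    if search_filter:
        conditions.append(tuple(search_filter.split("=", 1)))
    return [dn for dn, attrs in entries
            if all(has(attrs, n, v) for n, v in conditions)]
```

If matching_dns returns more than one DN for a user, the user search is ambiguous and a SearchFilter constraint is needed.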