Uploaded image for project: 'TrueNAS'
  1. TrueNAS
  2. NAS-105455

LDAP unable to bind using encryption (ON or START_TLS)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Engineering Closed (View Workflow)
    • Priority: Medium
    • Resolution: Duplicate
    • Affects Version/s: 11.3-U1
    • Fix Version/s: N/A
    • Component/s: Middleware
    • Labels:
      None

      Description

      LDAP (FreeIPA) binding works fine on 11.2-U8. I use START_TLS encryption. Upon update to 11.3-U2, LDAP no longer binds unless I disable encryption. I've tried unchecking the 'Validate Certificates' option even though I have the certificate chain imported so they are valid.

      Error I get is:

      [EFAULT] ldap_update: [EFAULT]

      {'desc': 'Connect error', 'errno': 2, 'info': 'Start TLS request accepted.Server willing to negotiate SSL.'}

      Error: Traceback (most recent call last):
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 586, in do_update
      await self.middleware.call('ldap.ldap_validate', new)
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1127, in call
      app=app, pipes=pipes, job_on_progress_cb=job_on_progress_cb, io_thread=True,
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
      return await methodobj(*args)
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 490, in ldap_validate
      await self.middleware.call('ldap.validate_credentials', data)
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1127, in call
      app=app, pipes=pipes, job_on_progress_cb=job_on_progress_cb, io_thread=True,
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1091, in _call
      return await run_method(methodobj, *args)
      File "/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
      return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
      File "/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
      result = self.fn(*self.args, **self.kwargs)
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 639, in validate_credentials
      ret = LDAP.validate_credentials()
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 137, in validate_credentials
      ret = self._open()
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 254, in _open
      raise CallError(str(saved_simple_error))
      middlewared.service_exception.CallError: [EFAULT]

      {'desc': 'Connect error', 'errno': 2, 'info': 'Start TLS request accepted.Server willing to negotiate SSL.'}

      During handling of the above exception, another exception occurred:

      Traceback (most recent call last):
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 130, in call_method
      io_thread=False)
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
      return await methodobj(*args)
      File "/usr/local/lib/python3.7/site-packages/middlewared/service.py", line 302, in update
      f'

      {self._config.namespace}

      .update', self, self.do_update, [data]
      File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
      return await methodobj(*args)
      File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 961, in nf
      return await f(*args, **kwargs)
      File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 588, in do_update
      raise ValidationError('ldap_update', str(e))
      middlewared.service_exception.ValidationError: [EFAULT] ldap_update: [EFAULT]

        Attachments

        1. debug-nas-dev-20200317121207.txz
          211 kB
        2. Error.JPG
          Error.JPG
          106 kB
        3. Settings.JPG
          Settings.JPG
          74 kB

          Attachments

            JEditor

              Issue Links

                Activity

                  People

                  Assignee:
                  releng Triage Team
                  Reporter:
                  maxxoverclocker Kyle Prochaska
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved: