  1. TrueNAS
  2. NAS-105681

FreeNAS 11.3.x breaks LDAP binding to macOS 10.13.x Server

    Details

    • Type: Bug
    • Status: Engineering Closed
    • Priority: Low
    • Resolution: Duplicate
    • Affects Version/s: 11.3-RELEASE, 12.0-RELEASE
    • Fix Version/s: N/A
    • Component/s: None
    • Labels:

      Description

      With FreeNAS 11.3-U1, FreeNAS 11.3-U2, 11.2 (Nightly 12.0-MASTER-202003250424) as an LDAP client binding to macOS 10.13.x Server, getent passwd does not show any LDAP users.

      Works fine up to FreeNAS-11.2-U8.

       

      In FreeNAS 11.3 or later, trying to turn on "Anonymous Binding" results in:

      Error: Traceback (most recent call last):
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 583, in do_update
          await self.middleware.call('ldap.ldap_validate', new)
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1127, in call
          app=app, pipes=pipes, job_on_progress_cb=job_on_progress_cb, io_thread=True,
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
          return await methodobj(*args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 487, in ldap_validate
          await self.middleware.call('ldap.validate_credentials', data)
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1127, in call
          app=app, pipes=pipes, job_on_progress_cb=job_on_progress_cb, io_thread=True,
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1091, in _call
          return await run_method(methodobj, *args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
          return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
        File "/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
          result = self.fn(*self.args, **self.kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 636, in validate_credentials
          ret = LDAP.validate_credentials()
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 137, in validate_credentials
          ret = self._open()
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 197, in _open
          ldap.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        File "/usr/local/lib/python3.7/site-packages/ldap/functions.py", line 103, in set_option
          return _ldap_function_call(None,_ldap.set_option,option,invalue)
        File "/usr/local/lib/python3.7/site-packages/ldap/functions.py", line 55, in _ldap_function_call
          result = func(*args,**kwargs)
      ValueError: option error
      
      During handling of the above exception, another exception occurred:
      
      Traceback (most recent call last):
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 130, in call_method
          io_thread=False)
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
          return await methodobj(*args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/service.py", line 302, in update
          f'{self._config.namespace}.update', self, self.do_update, [data]
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1077, in _call
          return await methodobj(*args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 960, in nf
          return await f(*args, **kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/ldap.py", line 585, in do_update
          raise ValidationError('ldap_update', str(e))
      middlewared.service_exception.ValidationError: [EFAULT] ldap_update: option error


      Turning off "Allow Anonymous Binding" again does not even bring up the options.

      I am using internal certificates and a rootCA created with mkcert.

       

                People

                Assignee:
                releng Triage Team
                Reporter:
                bugssy Bugs Schmidt