[Freeipa-users] ldapwhoami Error: Unsupported Extended Operation

Trevor T Kates (Services - 6) trevor.t.kates at dom.com
Thu May 15 14:51:44 UTC 2014


Hello, all:

I'm using IPA 3.0.0-26 on CentOS 6.4:

ipa-server-3.0.0-26.el6_4.4.x86_64
ipa-client-3.0.0-26.el6_4.4.x86_64
ipa-server-selinux-3.0.0-26.el6_4.4.x86_64

kernel: 2.6.32-358.18.1.el6.x86_64

My current setup has four masters replicating to each other, and I seem to have run into a problem with ldapwhoami on my clients.


$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: testuser at EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
ldap_parse_result: Protocol error (2)
    additional info: unsupported extended operation
Result: Protocol error (2)
Additional info: unsupported extended operation


The slapd log on one of my masters shows:

[15/May/2014:10:22:01 -0400] conn=35293 fd=95 slot=95 connection from 10.203.1.121 to 10.203.1.221
[15/May/2014:10:22:01 -0400] conn=35293 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/May/2014:10:22:01 -0400] conn=35293 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[15/May/2014:10:22:01 -0400] conn=35293 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/May/2014:10:22:01 -0400] conn=35293 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[15/May/2014:10:22:01 -0400] conn=35293 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/May/2014:10:22:01 -0400] conn=35293 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
[15/May/2014:10:22:01 -0400] conn=35293 op=3 EXT oid="1.3.6.1.4.1.4203.1.11.3"
[15/May/2014:10:22:01 -0400] conn=35293 op=3 RESULT err=2 tag=120 nentries=0 etime=0
[15/May/2014:10:22:01 -0400] conn=35293 op=4 UNBIND
[15/May/2014:10:22:01 -0400] conn=35293 op=4 fd=95 closed - U1

This is a partial debug from the ldapwhoami command:

ldap_read: want=36, got=36
  0000:  01 02 04 00 04 1e 75 6e  73 75 70 70 6f 72 74 65   ......unsupporte  
  0010:  64 20 65 78 74 65 6e 64  65 64 20 6f 70 65 72 61   d extended opera  
  0020:  74 69 6f 6e                                        tion              
ber_get_next: tag 0x30 len 42 contents:
ber_dump: buf=0x834e888 ptr=0x834e888 end=0x834e8b2 len=42
  0000:  02 01 04 78 25 0a 01 02  04 00 04 1e 75 6e 73 75   ...x%.......unsu  
  0010:  70 70 6f 72 74 65 64 20  65 78 74 65 6e 64 65 64   pported extended  
  0020:  20 6f 70 65 72 61 74 69  6f 6e                      operation        
read1msg: ld 0x83410e0 msgid 4 message type extended-result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x834e888 ptr=0x834e88b end=0x834e8b2 len=39
  0000:  78 25 0a 01 02 04 00 04  1e 75 6e 73 75 70 70 6f   x%.......unsuppo  
  0010:  72 74 65 64 20 65 78 74  65 6e 64 65 64 20 6f 70   rted extended op  
  0020:  65 72 61 74 69 6f 6e                               eration           
read1msg: ld 0x83410e0 0 new referrals
read1msg:  mark request completed, ld 0x83410e0 msgid 4
request done: ld 0x83410e0 msgid 4
res_errno: 2, res_error: <unsupported extended operation>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x834e888 ptr=0x834e88b end=0x834e8b2 len=39
  0000:  78 25 0a 01 02 04 00 04  1e 75 6e 73 75 70 70 6f   x%.......unsuppo  
  0010:  72 74 65 64 20 65 78 74  65 6e 64 65 64 20 6f 70   rted extended op  
  0020:  65 72 61 74 69 6f 6e                               eration           
ber_scanf fmt (}) ber:
ber_dump: buf=0x834e888 ptr=0x834e8b2 end=0x834e8b2 len=0

ldap_err2string
ldap_parse_result: Protocol error (2)
	additional info: unsupported extended operation
ldap_err2string
Result: Protocol error (2)
Additional info: unsupported extended operation


Any help you can offer to guide me in fixing this problem would be appreciated. Thank you for your time!


Trevor T. Kates
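
The correlation read by eye from the slapd access log above (an EXT request followed by a RESULT err=2 on the same conn/op) can be automated. This is an added example, not part of the original post: the function name, the OID table and the sample lines are constructed for illustration, modelled on the log format shown in the message.

```python
import re

# Extended-operation OIDs to label; the first is the one ldapwhoami sends.
KNOWN_OIDS = {
    "1.3.6.1.4.1.4203.1.11.3": "Who am I? (RFC 4532)",
    "1.3.6.1.4.1.1466.20037": "StartTLS (RFC 4511)",
}

LINE = re.compile(r"conn=(\d+) op=(\d+) (\w+)(.*)")

def rejected_extops(lines):
    """Yield (conn, op, oid, name, bound_dn) for each EXT op answered with err=2."""
    bound = {}    # conn -> DN reported by the last successful BIND result
    pending = {}  # (conn, op) -> OID of an EXT request awaiting its RESULT
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        if kind == "EXT":
            oid = re.search(r'oid="([\d.]+)"', rest)
            if oid:
                pending[(conn, op)] = oid.group(1)
        elif kind == "RESULT":
            err = re.search(r"err=(\d+)", rest)
            dn = re.search(r'dn="([^"]*)"', rest)
            if dn and err and err.group(1) == "0":
                bound[conn] = dn.group(1)  # final leg of a SASL bind
            oid = pending.pop((conn, op), None)
            if oid and err and err.group(1) == "2":  # 2 = protocolError
                yield conn, op, oid, KNOWN_OIDS.get(oid, "unknown"), bound.get(conn, "")
        elif kind == "UNBIND":
            bound.pop(conn, None)

# Constructed sample: conn=35293 mirrors the post; conn=35301 is an accepted EXT op.
SAMPLE = """\
[15/May/2014:10:22:01 -0400] conn=35293 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/May/2014:10:22:01 -0400] conn=35293 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
[15/May/2014:10:22:01 -0400] conn=35293 op=3 EXT oid="1.3.6.1.4.1.4203.1.11.3"
[15/May/2014:10:22:01 -0400] conn=35293 op=3 RESULT err=2 tag=120 nentries=0 etime=0
[15/May/2014:10:22:01 -0400] conn=35293 op=4 UNBIND
[15/May/2014:10:22:05 -0400] conn=35301 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[15/May/2014:10:22:05 -0400] conn=35301 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

if __name__ == "__main__":
    for hit in rejected_extops(SAMPLE.splitlines()):
        print(hit)
```

Running it over the access log of each master shows which replicas reject the operation and for which bound identities.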


