Applies to: All version of Centrify Infrastructure Service
Problem: In large Active Directory environment, when performing ldapsearch while setting the -l (timeout) option with a non-zero value on an object that will result with large number of entries in the ldap_result, the ldapsearch command will fail with the following error and timeout immediately:
/usr/share/centrifydc/bin/ldapsearch -l 20 -LLL -r -m "CN=jsmith" memberOf SASL/GSSAPI authentication started SASL SSF: 56 SASL data security layer installed. ldap_result: Other (e.g., implementation specific) error (80) Cause: The issue was caused by one of the previous code patch, a zero timeout value was sent to the select() function and resulting the issue as the value that was set being ignored and dependent on the network connectivity or domain controller response time on ldapsearch request
Workaround: Customer can utilize the "-o apitimeout" option instead of -l instead as a workaround before the fix. For example: