Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-17705: ldapsearch fails with -l (timelimit) option

Authentication Service ,  

1 August,19 at 09:31 AM

Applies to: All version of Centrify Infrastructure Service
 
Problem:
In large Active Directory environment, when performing ldapsearch while setting the -l (timeout) option with a non-zero value on an object that will result with large number of entries in the ldap_result, the ldapsearch command will fail with the following error and timeout immediately:


/usr/share/centrifydc/bin/ldapsearch -l 20 -LLL -r -m "CN=jsmith" memberOf
SASL/GSSAPI authentication started
SASL SSF: 56
SASL data security layer installed.
ldap_result: Other (e.g., implementation specific) error (80)

 
Cause:

The issue was caused by one of the previous code patch, a zero timeout value was sent to the select() function and resulting the issue as the value that was set being ignored and dependent on the network connectivity or domain controller response time on ldapsearch request

Workaround:
Customer can utilize the "-o apitimeout" option instead of -l instead as a workaround before the fix. For example:

>/usr/share/centrifydc/bin/ldapsearch -o apitimeout=20 -LLL -r -m "CN=jsmith" memberOf

Resolution:
This will be fixed in future release of Centrify Infrastructure Service 19.6.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.