Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-17705: ldapsearch fails with -l (timelimit) option

Authentication Service ,  

14 April,20 at 01:04 PM

Applies to: All version of Centrify Infrastructure Service
 
Problem:
In large Active Directory environment, when performing ldapsearch while setting the -l (timeout) option with a non-zero value on an object that will result with large number of entries in the ldap_result, the ldapsearch command will fail with the following error and timeout immediately:

/usr/share/centrifydc/bin/ldapsearch -l 20 -LLL -r -m "CN=jsmith" memberOf
SASL/GSSAPI authentication started
SASL SSF: 56
SASL data security layer installed.
ldap_result: Other (e.g., implementation specific) error (80)
 
Cause:
The issue was caused by one of the previous code patch, a zero timeout value was sent to the select() function and resulting the issue as the value that was set being ignored and dependent on the network connectivity or domain controller response time on ldapsearch request

Workaround:
Customer can utilize the "-o apitimeout" option instead of -l instead as a workaround before the fix. For example:

>/usr/share/centrifydc/bin/ldapsearch -o apitimeout=20 -LLL -r -m "CN=jsmith" memberOf

Resolution:
This has been fixed in release of Centrify Infrastructure Service 19.6.

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-4698: hadoop fs -ls /user commands fails with error message