Unable to query AD users after upgrading to RHEL 7.7
Issue
- After upgrading IdM servers to RHEL 7.7, querying AD users returns no output.
- Errors like the following appear in the dirsrv errors log:

    [18/Sep/2019:15:23:40.813229014 +0400] - ERR - is_allowed_to_access_attr - [file ipa_pwd_extop.c, line 787]: slapi_access_allowed does not allow READ to ipaProtectedOperation;read_keys!
    [18/Sep/2019:15:23:40.815093644 +0400] - ERR - ipapwd_getkeytab - [file ipa_pwd_extop.c, line 1647]: Not allowed to retrieve keytab on [CLOUD$@EXAMPLE.COM] as user [fqdn=ipaserver.cloud.example.com,cn=computers,cn=accounts,dc=cloud,dc=example,dc=com]!
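
To check whether a server shows this symptom, the following added example (not Red Hat's code and not part of the original article) parses dirsrv errors-log entries in the format quoted above and reports each denied keytab retrieval with the target principal and the requesting bind DN. The function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the two entries quoted in this article plus one unrelated line.
SAMPLE_LOG = """\
[18/Sep/2019:15:23:40.813229014 +0400] - ERR - is_allowed_to_access_attr - [file ipa_pwd_extop.c, line 787]: slapi_access_allowed does not allow READ to ipaProtectedOperation;read_keys!
[18/Sep/2019:15:23:40.815093644 +0400] - ERR - ipapwd_getkeytab - [file ipa_pwd_extop.c, line 1647]: Not allowed to retrieve keytab on [CLOUD$@EXAMPLE.COM] as user [fqdn=ipaserver.cloud.example.com,cn=computers,cn=accounts,dc=cloud,dc=example,dc=com]!
[18/Sep/2019:15:24:02.000000000 +0400] - INFO - main - constructed unrelated entry
"""

# Entry layout: [timestamp] - SEVERITY - function - [file NAME, line N]: message
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - (?P<sev>\w+) - (?P<func>\w+) - "
    r"\[file (?P<file>[^,]+), line (?P<line>\d+)\]: (?P<msg>.*)$"
)
KEYTAB_DENIED = re.compile(
    r"Not allowed to retrieve keytab on \[(?P<principal>[^\]]+)\] "
    r"as user \[(?P<requester>[^\]]+)\]"
)
ACL_DENIED = "does not allow READ to ipaProtectedOperation;read_keys"

def find_keytab_denials(lines):
    """Return one record per denied keytab retrieval, linked to the ACL denial before it."""
    findings, acl_ts = [], None
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m or m["sev"] != "ERR":
            continue  # not an error entry in the expected layout
        if m["func"] == "is_allowed_to_access_attr" and ACL_DENIED in m["msg"]:
            acl_ts = m["ts"]  # remember the access-control denial
            continue
        d = KEYTAB_DENIED.search(m["msg"]) if m["func"] == "ipapwd_getkeytab" else None
        if d:
            findings.append({"time": m["ts"], "principal": d["principal"],
                             "requester": d["requester"], "acl_denial_at": acl_ts})
            acl_ts = None
    return findings

def summarize(findings):
    """Count denials per (principal, requesting bind DN) pair."""
    return Counter((f["principal"], f["requester"]) for f in findings)

if __name__ == "__main__":
    hits = find_keytab_denials(SAMPLE_LOG.splitlines())
    for (principal, requester), n in summarize(hits).items():
        print(f"{n} denied keytab retrieval(s) for {principal} by {requester}")
```

On a live server, pass the lines of the instance's errors log (typically `/var/log/dirsrv/slapd-INSTANCE/errors`, where `INSTANCE` is a placeholder) instead of `SAMPLE_LOG`.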
Environment
- Red Hat Enterprise Linux (RHEL) 7.7
- Identity Management (IdM), version ipa-server-4.6.5-11 and above.
- One-way trust established with Active Directory prior to RHEL 7.3.