AuthenticationError: LDAP Result Code 32 "No Such Object" in RHOCP.
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4.x
Issue
- Unable to log in to the RHOCP cluster using specific LDAP users.
- CLI login throws a generic error:
Error from server (InternalError): Internal error occurred: unexpected response: 500.
Resolution
- This error usually occurs when the user is not found in the defined search base.
- Verify the user base DN using ldapsearch.
$ ldapsearch -x -b <search_base> -H <ldap_host> -D <bind_dn> -W '(&(objectClass=*)(uid=<username>))'
- Make sure you are using the correct Base DN in the URL search base.
- The LDAP user should be present in the same OU mentioned in the search base.
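As an added example (not part of the Red Hat solution): once an ldapsearch from a broader base returns the user's DN, this Python check tells whether that DN falls under the search base of the identity provider's LDAP URL. The URL layout `ldap://host:port/basedn?attribute?scope?filter`, the default scope `sub`, and all hostnames and DNs below are assumptions constructed for illustration.

```python
from urllib.parse import unquote

def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    out = []
    for rdn in rdns:
        key, _, val = rdn.partition("=")
        if key.strip():
            # Case-insensitive comparison approximates directory matching rules.
            out.append(f"{key.strip()}={val.strip()}".lower())
    return out

def parse_ldap_url(url):
    """Parse ldap://host:port/basedn?attribute?scope?filter (layout assumed)."""
    rest = url.split("://", 1)[1]
    host, _, tail = rest.partition("/")
    fields = tail.split("?") + ["", "", ""]
    return {
        "host": host,
        "base": unquote(fields[0]),
        "attribute": fields[1] or "uid",           # matches the filter in the log
        "scope": fields[2] or "sub",               # assumed default
        "filter": fields[3] or "(objectClass=*)",
    }

def user_in_search_base(user_dn, url):
    """True if user_dn is reachable from the URL's base DN at the URL's scope."""
    cfg = parse_ldap_url(url)
    user, base = split_dn(user_dn), split_dn(cfg["base"])
    depth = len(user) - len(base)
    if depth < 0 or user[depth:] != base:
        return False  # different OU or different directory suffix
    return depth == 1 if cfg["scope"] == "one" else True

# Constructed sample values, not taken from a real directory.
URL = "ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid"
for dn in ("uid=alice,ou=users,dc=example,dc=com", "uid=bob,ou=contractors,dc=example,dc=com"):
    print(dn, "->", user_in_search_base(dn, URL))
```

A `False` result for a user who cannot log in points at the search base in the URL rather than at the user's credentials.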
Root Cause
- The user is not present in the OU mentioned in URL search base.
Diagnostic Steps
I0506 13:35:10.560213 1 ldap.go:131] searching for (&(objectClass=*)(uid=LDAP_USER))
E0506 13:35:10.580070 1 basicauth.go:45] Error authenticating login "LDAP_USER" with provider "ldap": LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-0310021F, problem 2001 (NO_OBJECT), data 0, best match of:''
I0506 13:35:10.580113 1 authenticator.go:50] OAuth authentication error: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-0310021F, problem 2001 (NO_OBJECT), data 0, best match of:''
E0506 13:35:10.580123 1 errorpage.go:28] AuthenticationError: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-0310021F, problem 2001 (NO_OBJECT), data 0, best match of:
- Verify which OU the user exists in on LDAP.
$ ldapsearch -x -b <search_base> -H <ldap_host> -D <bind_dn> -W '(&(objectClass=*)(uid=<username>))'
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.