Unable to access CIFS shares due to LDAP timing out querying for msDS-PrincipalName
Applies to
- LDAP
- ONTAP 9
Issue
- Users are unable to access CIFS shares.
- LDAP authentication is timing out with errors: RESULT_ERROR_LDAPSERVER_INAPPROPRIATE_MATCHING and RESULT_ERROR_SECD_CONNECTION_WAIT_TIMEOUT.
Searching LDAP for the "sAMAccountName" attribute(s) within base "dc=us,dc=netapp,dc=com" (scope: 2) using filter: (&(objectClass=User)(msDS-PrincipalName=netapp\test_user$)) { in searchLdap() at src/utils/secd_ldap_utils.cpp:312 } info : LDAP search for the "sAMAccountName" attribute(s) within base "dc=us,dc=bank-dns,dc=com" (scope: 2) using filter "(&(objectClass=User)(msDS-PrincipalName=us\test_user$))" failed with error: Inappropriate matching { in searchLdap() at src/utils/secd_ldap_utils.cpp:394 } info : Additional info: 0000216B: AtrErr: DSID-03140525, #1: ^I0: 0000216B: DSID-123456789, problem 1004 (WRONG_MATCH_OPER), data 0, Att 90749 (msDS-PrincipalName){ in searchLdap() at src/utils/secd_ldap_utils.cpp:397 } ERR : RESULT_ERROR_LDAPSERVER_INAPPROPRIATE_MATCHING:7617 in searchLdap() at src/utils/secd_ldap_utils.cpp:400 ERR : searchLdap: LDAP Error: (18): 'Inappropriate matching': ERR : RESULT_ERROR_LDAPSERVER_INAPPROPRIATE_MATCHING:7617 in getLdapMappedUnixUserName() at src/name_mapping/secd_ldap_name_mapping.cpp:195 ERR : RESULT_ERROR_LDAPSERVER_INAPPROPRIATE_MATCHING:7617 in mapNameViaLdap() at src/name_mapping/secd_name_mapping.cpp:546 ERR : RESULT_ERROR_LDAPSERVER_INAPPROPRIATE_MATCHING:7617 in getAppropriateWindowsToUnixMapping() at src/name_mapping/secd_name_mapping.cpp:786
SECD Log: