The meta backend is running in cn=config; the OpenLDAP version is 2.4.44.
I'm configuring an OpenLDAP meta backend to authenticate Active Directory users from two different domains. I can successfully log in a user through this authentication method, but if the connection is inactive for about 15 min or more, the authentication will fail. I have a Wireshark packet capture running on the machine that shows me that on the first authentication it goes:
bind to AD-Server
search user
bind user
unbind
Fin, Ack
Ack
Rst
After 15 min or so pass, if I try to authenticate a user, it fails. When I look at the packet capture, the binddn and bindpw that it uses in the bindRequest to bind to the AD-Server are shown as name: (blank) and "simple: " respectively. It gets more confusing to me because, in response to this seemingly faulty bindRequest, the first response is bindResponse (1) success, after which the search request is sent and then answered with
operationsError (000004DC: LdapErr: DSID-0C090A5C, comment: in order to perform this operation a successful bind must be completed on the connection., data 0, v4563).
This issue seems to persist on every attempted login until I restart slapd.
The part of slapd.conf that affects the connection I'm currently testing:
database        meta
suffix          dc=domain1,dc=de
readonly        yes
protocol-version 3
uri             "ldap://dc.domain1.de/dc=domain1,dc=de"
chase-referrals yes
suffixmassage   "dc=domain1,dc=de" "dc=domain2,dc=de"
map             attribute sAMAccountname userPrincipalName
rebind-as-user
idassert-bind   bindmethod=simple
                binddn="cn=Ldapuser,ou=Administration,dc=domain2,dc=de"
                credentials="secret"
idassert-authzFrom "*"
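Added example, not part of the original post and not the poster's configuration: the same back-meta target with the connection-recycling directives that slapd-meta(5) documents, idle-timeout and conn-ttl. It rests on an assumption the post does not establish, namely that the domain controller is closing the cached connection on its side; Active Directory's default LDAP policy MaxConnIdleTime is 900 seconds, which matches the FIN/RST seen after roughly 15 minutes of inactivity. With idle-timeout set below that value, slapd drops and re-opens its cached connection itself instead of reusing a socket the DC has already torn down. Hostnames, DNs and the placeholder password are the ones from the post.

```conf
database        meta
suffix          dc=domain1,dc=de
readonly        yes
protocol-version 3
uri             "ldap://dc.domain1.de/dc=domain1,dc=de"

# Assumption: the DC drops idle LDAP connections after its default
# MaxConnIdleTime of 900 s. Recycle the cached connection to this target
# after 10 minutes idle, i.e. before the DC does, and in any case after
# one hour. Both directives are from slapd-meta(5); values are in seconds.
idle-timeout    600
conn-ttl        3600

chase-referrals yes
suffixmassage   "dc=domain1,dc=de" "dc=domain2,dc=de"
map             attribute sAMAccountName userPrincipalName
rebind-as-user
idassert-bind   bindmethod=simple
                binddn="cn=Ldapuser,ou=Administration,dc=domain2,dc=de"
                credentials="secret"
# "*" allows any identity bound to this slapd to be asserted to AD as
# Ldapuser. Narrow this to the DN(s) that actually need proxy
# authorization once the connection problem is resolved; keep the file
# holding credentials= readable only by the slapd user.
idassert-authzFrom "*"
```

To check the effect, bind through the proxy with ldapwhoami, leave the connection alone for longer than 15 minutes, and bind again; with the directives in place the second bind should produce a fresh TCP connection to dc.domain1.de in the capture rather than a bindRequest with an empty name on the old one. When the backend is managed in cn=config rather than slapd.conf, the same settings go on the olcMetaConfig entry as the corresponding olcDb* attributes.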