Score:0

OpenLDAP meta backend empty binddn and bindpw after inactivity/operationsError successful bind must be completed on the connection

by Mog

meta backend is running in cn=config, OpenLDAP version is 2.4.44

I'm configuring an OpenLDAP meta backend to authenticate Active Directory users from two different domains. I can successfully log in a user through this authentication method, but if the connection is inactive for about 15 min or more the authentication will fail. I have a Wireshark packet capture running on the machine that shows me that on the first authentication it goes:

- bind to AD-Server
- search user
- bind user
- unbind
- Fin, Ack
- Ack
- Rst

whereas after 15 min or so pass, if I try to authenticate a user it fails. When I look at the packet capture, the binddn and bindpw that it uses in the bindRequest to bind to the AD-Server are shown as name: (blank) and "simple: " respectively. It gets more confusing to me because in response to this seemingly faulty bindRequest the first response is bindResponse (1) success, initiating the search request being sent and then answered with

operationsError (000004DC: LdapErr: DSID-0C090A5C, comment: in order to perform this operation a successful bind must be completed on the connection., data 0, v4563).

This issue seems to persist on every attempted login until I restart slapd.

The part of slapd.conf that affects the connection I'm currently testing:

database        meta
suffix          dc=domain1,dc=de
readonly        yes
protocol-version    3

uri             "ldap://dc.domain1.de/dc=domain1,dc=de"
chase-referrals     yes
suffixmassage       "dc=domain1,dc=de" "dc=domain2,dc=de"
map         attribute   sAMAccountname      userPrincipalName
rebind-as-user
idassert-bind       bindmethod=simple
            binddn="cn=Ldapuser,ou=Administration,dc=domain2,dc=de"
            credentials="secret"
idassert-authzFrom "*"
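
An added example, not part of the original question: under RFC 4513 a simple bind with an empty name and an empty password is an anonymous bind, which is why a server can answer it with success and still reject the search that follows. The sketch below flags that pattern in decoded LDAP messages and parses the AD diagnostic string; the record layout (`conn`, `msgid`, `op`, `name`, `simple`, `result`, `diag`) and the sample capture are constructed for illustration.

```python
import re

# AD diagnostic text: "<hex code>: LdapErr: DSID-<id>, comment: <text>, data <n>, v<build>"
AD_ERR = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*), data (?P<data>\w+), v(?P<build>\w+)"
)

def parse_ad_error(text):
    """Split an AD diagnostic message into its fields, or return None."""
    m = AD_ERR.search(text)
    return m.groupdict() if m else None

def is_anonymous_bind(msg):
    """RFC 4513: a simple bind with empty name and empty password is anonymous."""
    return msg["op"] == "bindRequest" and msg["name"] == "" and msg["simple"] == ""

def find_anonymous_fallback(messages):
    """Return (conn, msgid) for operations rejected with 000004DC on
    connections whose most recent bind was anonymous."""
    last_bind_anon = {}  # connection id -> was the latest bindRequest anonymous?
    hits = []
    for m in messages:
        if m["op"] == "bindRequest":
            last_bind_anon[m["conn"]] = is_anonymous_bind(m)
        elif m.get("result") == "operationsError" and last_bind_anon.get(m["conn"]):
            err = parse_ad_error(m.get("diag", ""))
            if err and err["code"].upper() == "000004DC":
                hits.append((m["conn"], m["msgid"]))
    return hits

# Constructed sample: conn 1 is the working login, conn 2 the failure after idling.
DIAG = ("000004DC: LdapErr: DSID-0C090A5C, comment: in order to perform this "
        "operation a successful bind must be completed on the connection., "
        "data 0, v4563")
PROXY_DN = "cn=Ldapuser,ou=Administration,dc=domain2,dc=de"
CAPTURE = [
    {"conn": 1, "msgid": 1, "op": "bindRequest", "name": PROXY_DN, "simple": "secret"},
    {"conn": 1, "msgid": 1, "op": "bindResponse", "result": "success"},
    {"conn": 1, "msgid": 2, "op": "searchRequest"},
    {"conn": 1, "msgid": 2, "op": "searchResDone", "result": "success"},
    {"conn": 2, "msgid": 1, "op": "bindRequest", "name": "", "simple": ""},
    {"conn": 2, "msgid": 1, "op": "bindResponse", "result": "success"},
    {"conn": 2, "msgid": 2, "op": "searchRequest"},
    {"conn": 2, "msgid": 2, "op": "searchResDone", "result": "operationsError", "diag": DIAG},
]

if __name__ == "__main__":
    print(find_anonymous_fallback(CAPTURE))
```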