Falha na autenticação LDAP do PowerFlex 3.x no Ubuntu 16.04 e superior
Summary: O login do MDM não funciona com a autenticação LDAP no Ubuntu 16.04 e superior, com o PowerFlex 3.5 e superior.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Cenário
O PowerFlex 3.5 e superior, em execução no Ubuntu 16.04 e superior, não faz log-in usando LDAP e reinicia o serviço MDM.
Sintomas
Falha do comando da SCLI:
root@ubuntu16-mdm1# date; scli --login --username test_user --password test_password --ldap_authentication Wed Dec 15 03:09:03 EST 2021 Error: MDM failed command. Status: Communication error
Os rastreamentos do MDM mostram que uma tentativa de autenticação LDAP nem sequer é iniciada e o serviço MDM é reiniciado normalmente, mdmNet_AbnormalExitCK: 00334: Irá pausar a rede, com o Sinal 6 (SIGABRT = comumente usado para abortar o programa se houver erros críticos):
15/12 03:09:03.974587 7efef1ce2db0:mosEventLog_PostInternal:00609: New event added. Message: "Command login received, User: 'test_user'. [9]". Additional info: ". Originating source IP: 127.0.0.1" Severity: Info 15/12 03:09:03.974601 7efef1ce2db0:ldapAuthMgr_GetLdapServiceRefByKey:02332: Failed to get LDAP service object by name - rc: LDAP_SERVICE_NOT_FOUND 15/12 03:09:03.982275 7efef1ce2db0:mdmNet_AbnormalExitCK:00334: Will pause network <<<<<--- MDM service gracefully prepares for a restart 15/12 03:09:03.982290 7efef1ce2db0:net_Pause:02235: Net paused 1 (reversible 0) 15/12 03:09:03.982310 7efef6a9ddb0:netListen_Mit:00170: Error (ABORTED) accepting on socket 26 15/12 03:09:03.982322 7efef1ce2db0:net_Pause:02235: Net paused 1 (reversible 0) 15/12 03:09:03.982346 7efef1ce2db0:mosOsThrd_DumpBacktraceToTraces:01120: Dumping thread 0x33af7d0 backtrace: 15/12 03:09:03.982347 7efef1ce2db0:mosOsThrd_DumpBacktraceToTraces:01133: Thread 0x33af7d0: frame 0: __fortify_fail+0x5c [0x7eff1426e21c] 15/12 03:09:03.982349 7efef1ce2db0:mosDbg_SignalHandler:00723: ---Termination due to signal 6. PID 16584 Faulting address 0x40c8. errno 0--- 15/12 03:09:04.133079 0:mosTrcLayer_Create:00239: ---------- Process started. Version private PowerFlex R3_5.1400.104_Release, CodeBase , Sep 12 2021. PID 20567 ---------- 15/12 03:09:04.133096 0:mosTrcLayer_Create:00251: No debug actions enabled 15/12 03:09:04.133162 0:mosXmti_SetLastSdbgOpStatus:00750: Last XMTI status set to XMTI is online. 15/12 03:09:04.133169 0:mosDynamicLib_Open:00093: lib-name: libblkid.so.1 15/12 03:09:04.133304 0:mosDynamicLib_Open:00103: load success lib-name: libblkid.so.1 15/12 03:09:04.133909 0:mosDynamicLib_Open:00093: lib-name: libpmem.so.1.0.0:libpmem.so.1:libpmem.so:/usr/lib64/libpmem.so.1.0.0:/usr/lib64/libpmem.so.1:/usr/lib64/libpmem.so
Um exemplo de autenticação e login LDAP bem-sucedidos (no sistema operacional RHEL):
15/12 03:09:28.422220 0x7fd8b1cfddb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login received, User: 'test_user'. [144]". Additional info: ". Originating source IP: 127.0.0.1" Severity: Info 15/12 03:09:28.422354 0x7fd8b1cfddb0:ldapAuthMgr_GetLdapServiceRefByKey:02332: Failed to get LDAP service object by name - rc: LDAP_SERVICE_NOT_FOUND 15/12 03:09:28.422404 0x7fd8b1cfddb0:ldapAuthMgr_Authenticate:00711: base-dn: dc=TESTLDAP,dc=LAB,dc=COM, uri: ldap://TESTLDAP.COM:389, user: test_user, num-groups: 4 15/12 03:09:28.422732 (nil):mosOsThrd_StartFunc:00576: Starting thread () tid 293046 15/12 03:09:28.422888 (nil):mosLdap_SearchUserInDomainGroupsIntr:00463: Initializing - timeout: 8 (1)... 15/12 03:09:28.422911 (nil):mosLdap_InitConInternal:00046: Before ldap_initialize - URI: ldap://TESTLDAP.COM:389 15/12 03:09:28.423112 (nil):mosLdap_InitConInternal:00048: After ldap_initialize - rc: 0 15/12 03:09:28.423125 (nil):mosLdap_InitConnection:00205: Connection was successfully established to ldap://TESTLDAP.COM:389 ldap service 15/12 03:09:28.423169 (nil):mosLdap_SearchUserInDomainGroupsIntr:00478: username: test_user, search-user: test_user, bind-user: uid=test_user,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM 15/12 03:09:28.423172 (nil):mosLdap_SearchUserInDomainGroupsIntr:00481: Binding (1)... 15/12 03:09:28.423196 (nil):mosLdap_Bind:00120: Before ldap_sasl_bind - user-name: uid=test_user,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM, timeout-sec: 8 15/12 03:09:28.423198 (nil):mosLdap_SetTimeout:00072: Set library timeout to: 8 seconds 15/12 03:09:28.433429 (nil):mosLdap_Bind:00130: After ldap_sasl_bind - rc: 0, msg-id: 1 15/12 03:09:28.433458 (nil):mosLdap_Bind:00141: Set timeout to 7 sec 15/12 03:09:28.434458 (nil):mosLdap_Bind:00153: ldap_result: res-type: 0x61, result: 0x7fd86c045260 15/12 03:09:28.434470 (nil):mosLdap_Bind:00182: User id=test_user,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM was successfully binded to LDAP service 15/12 03:09:28.434475 (nil):mosLdap_SearchUserInDomainGroupsIntr:00532: Time passed till search of group 0: 10 ms 15/12 03:09:28.434478 (nil):mosLdap_SearchUserInDomainGroupsIntr:00538: Searching group: 0, filter: (&(uid=test_user)(memberOf=cn=Lab-Test,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM)) 15/12 03:09:28.434479 (nil):mosLdap_SetTimeout:00072: Set library timeout to: 9 seconds 15/12 03:09:28.436388 (nil):mosLdap_SearchUserInDomainGroupsIntr:00546: Searching group: 0, rc: SUCCESS 15/12 03:09:28.436394 (nil):mosLdap_SearchUserInDomainGroupsIntr:00532: Time passed till search of group 1: 10 ms 15/12 03:09:28.436398 (nil):mosLdap_SearchUserInDomainGroupsIntr:00538: Searching group: 1, filter: (&(uid=test_user)(memberOf=cn=Lab-Test,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM)) 15/12 03:09:28.436401 (nil):mosLdap_SetTimeout:00072: Set library timeout to: 9 seconds 15/12 03:09:28.437628 (nil):mosLdap_SearchUserInDomainGroupsIntr:00546: Searching group: 1, rc: SUCCESS 15/12 03:09:28.437632 (nil):mosLdap_SearchUserInDomainGroupsIntr:00532: Time passed till search of group 2: 20 ms 15/12 03:09:28.437634 (nil):mosLdap_SearchUserInDomainGroupsIntr:00538: Searching group: 2, filter: (&(uid=test_user)(memberOf=cn=Lab-Test,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM)) 15/12 03:09:28.437635 (nil):mosLdap_SetTimeout:00072: Set library timeout to: 9 seconds 15/12 03:09:28.438884 (nil):mosLdap_SearchUserInDomainGroupsIntr:00546: Searching group: 2, rc: SUCCESS 15/12 03:09:28.438890 (nil):mosLdap_SearchUserInDomainGroupsIntr:00532: Time passed till search of group 3: 20 ms 15/12 03:09:28.438894 (nil):mosLdap_SearchUserInDomainGroupsIntr:00538: Searching group: 3, filter: (&(uid=test_user)(memberOf=cn=Lab-Test,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM)) 15/12 03:09:28.438896 (nil):mosLdap_SetTimeout:00072: Set library timeout to: 9 seconds 15/12 03:09:28.440113 (nil):mosLdap_SearchUserInDomainGroupsIntr:00546: Searching group: 3, rc: SUCCESS 15/12 03:09:28.440118 (nil):mosLdap_SearchUserInDomainGroupsIntr:00572: Un-binding... 15/12 03:09:28.441164 (nil):mosLdap_SearchUserInDomainGroupsIntr:00581: User test_user was found in 4 groups - search-user: ccmadm, bind-user: uid=test_user,ou=Operations,dc=TESTLDAP,dc=LAB,dc=COM, rc: SUCCESS, time: 20 ms 15/12 03:09:28.441647 0x7fd8b1cfddb0:ldapAuthMgr_Authenticate:00731: Completed - roles-mask: 0xF 15/12 03:09:28.441730 0x7fd8b1cfddb0:repType_AllocObjects:04767: Allocating 1 objects (first-index: 2) of type SESSION 15/12 03:09:28.441785 0x7fd8b16fadb0:repExtent_IO:03750: Writing to the repository - Extent: 7092, Page: 113778, Size: 8192, Batch size: 1, Last type: SESSION 15/12 03:09:28.445751 0x7fd8b170cdb0:repExtent_IO:03750: Writing to the repository - Extent: 7092, Page: 113778, Size: 8192, Batch size: 1, Last type: SESSION 15/12 03:09:28.447731 0x7fd8b1cfddb0:mosEventLog_PostInternal:00609: New event added. Message: "Command login succeeded. [144]". Additional info: "" Severity: Info
Impacto
Os usuários autenticados pelo LDAP não podem fazer log-in no MDM. Alternância do MDM em cada tentativa de LDAP
Cause
É um problema relacionado ao sistema operacional, específico do Ubuntu ao usar OpenLDAP.
Quando a função interna do PowerFlex tenta copiar o número do caractere baseDn na solicitação de autenticação, ela usa o tamanho de caracteres char[256] LdapDn codificado, que é 256, em que o máximo para iniciar uma solicitação de conexão é de 128 caracteres, que é representado por FQDN(char[128])).
O máximo para iniciar uma solicitação de conexão é de 128 caracteres, como resultado, a tentativa de enviar uma solicitação de autenticação causa um estouro de buffer.
Em outro SO, a operação de cópia copia o mínimo de caracteres em Fqdn (char[128])), que é o número real de caracteres (menor que 128). No Ubuntu, ele copia o comprimento char[256] do LdapDn, que é 256.
Resolution
Versões afetadas
PowerFlex 3.5.x.x
PowerFlex 3.6.x.x
Correção feita na versão
PowerFlex 3.5.1.6
PowerFlex 3.6.0.4
Affected Products
PowerFlex SoftwareProducts
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525Article Properties
Article Number: 000194824
Article Type: Solution
Last Modified: 14 Apr 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.