iDRAC10: Unable to Log in with Directory Service Accounts
Summary: iDRAC10 authentication or authorization with Directory Service accounts is not working under certain conditions.
Symptoms
The user is unable to log in to iDRAC10 using a Directory Service integrated account and receives one of these error messages:
- "RAC0212"
Or
- "RAC0506"
The same Directory Service integration configuration is working on iDRAC9 systems.
The Directory Service "Test" feature shows "Filter Compile Error" at UserSearch or User Authorization as failed.
[20:17:38]: "Dial" Performed. Result: "Dial success" LDAP URL: "ldap://dcfqdn:389"
[20:17:38]: "Bind" Performed. Result: "Bind success" Bind User: "test.user@example.com"
[20:17:38]: "UserSearch" Performed. Result: "Filter Compile Error, Err: LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter: encoding/hex: invalid byte: U+002C ','"
Cause
In iDRAC10, the LDAP queries are built from object attributes returned by a previous search. If the result contains LDAP special characters in the "cn" or "distinguishedName" attribute, they are not properly escaped.
Offending characters include "," "(" ")" ".".
/* User Search */
"attribute_list": [
"cn",
"samaccountname",
"sn",
"userPrincipalName",
"objectGUID",
"objectSid",
"sAMAccountName",
"mail",
"userAccountControl",
"msDS-UserPasswordExpiryTimeComputed"
]
/* Group Search */
"attribute_list": [
"cn",
"distinguishedName",
"groupType",
"objectClass",
"objectSid",
"sAMAccountName"
]
Resolution
This behavior is addressed in the upcoming iDRAC10 Firmware release 1.20.80.50.
Affected Products
iDRAC10 - 1.10.xx Series, iDRAC10 - 1.20.xx Series
Article Properties
Article Number: 000352805
Article Type: Solution
Last Modified: 04 Sep 2025
Version: 2