iDRAC10: Generic LDAP authentication fails with IPA servers
Summary: On iDRAC10, Generic Lightweight Directory Access Protocol (LDAP) authentication fails when connecting to Identity Policy Audit (IPA) directory servers.
Symptoms
When using the "Test Generic LDAP Settings" feature, the detailed output shows that the LDAP BIND failed and that the BIND Distinguished Name (DN) is truncated.

Cause
This impacts IPA and any other LDAP implementation where the DN of user objects starts with uid=
Resolution
This behavior is fixed in iDRAC10 Firmware release 1.20.80.50.
NOTE: The IPA server returns two objects for a user search. The first is the IPA object and the second is for POSIX compatibility.
- "uid=test_user,cn=users,cn=accounts,dc=example,dc=com"
- "uid=test_user,cn=users,cn=compat,dc=example,dc=com"
This means that iDRAC must have a search constraint specified so that only one object is returned from the user search.
One example is to specify SearchFilter=objectClass=inetorgperson
[Key=idrac.Embedded.1#LDAP.1]
BaseDN=dc=example,dc=com
BindDN=uid=ldap_service,cn=users,cn=accounts,dc=example,dc=com
!!BindPassword=******** (Write-Only)
CertValidationEnable=Disabled
Connection=LDAPS
Enable=Enabled
GroupAttribute=member
GroupAttributeIsDN=Enabled
Port=636
RSASecurID2FALDAP=Disabled
SearchFilter=objectClass=inetorgperson <----
Server=ipa-server.example.com
UserAttribute=uid
UUIDLDAPAttr=ipaUniqueID
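The following check is an added example, not Dell or iDRAC code: it parses LDIF (as exported from a directory search) and reports whether a user lookup resolves to exactly one DN with and without the SearchFilter. The objectClass values in the sample, the function names, and the assumption that UserAttribute=username is combined with SearchFilter by a logical AND are all illustrative.

```python
"""Check that a user lookup over IPA-style LDIF yields exactly one DN."""

# Constructed sample: the two DNs are the ones quoted in the article; the
# objectClass values are assumptions chosen so that only the accounts entry
# carries inetorgperson, as the article's SearchFilter implies.
SAMPLE_LDIF = """\
dn: uid=test_user,cn=users,cn=accounts,dc=example,dc=com
objectClass: inetorgperson
objectClass: posixaccount
uid: test_user

dn: uid=test_user,cn=users,cn=compat,dc=example,dc=com
objectClass: posixAccount
uid: test_user
"""


def parse_ldif(text):
    """Parse plain (non-base64, unfolded) LDIF into a list of (dn, attrs)."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            if name.lower() == "dn":
                dn = value
            else:
                # Attribute names and values are compared case-insensitively.
                attrs.setdefault(name.lower(), set()).add(value.lower())
        if dn:
            entries.append((dn, attrs))
    return entries


def matching_dns(entries, user_attribute, username, search_filter=""):
    """Return DNs matching user_attribute=username AND the optional filter.

    search_filter uses the simple attr=value form shown in the article.
    """
    conditions = [(user_attribute, username)]
    if search_filter:
        conditions.append(tuple(search_filter.strip("()").split("=", 1)))
    return [
        dn for dn, attrs in entries
        if all(v.lower() in attrs.get(a.lower(), set()) for a, v in conditions)
    ]


def bind_dn_is_unambiguous(entries, user_attribute, username, search_filter=""):
    """True only when the search resolves to exactly one DN."""
    return len(matching_dns(entries, user_attribute, username, search_filter)) == 1
```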
Affected Products
iDRAC10 - 1.10.xx Series, iDRAC10 - 1.20.xx Series
Article Properties
Article Number: 000370665
Article Type: Solution
Last Modified: 29 Sep 2025
Version: 1