NetWorker: LDAP Integration Failing with "LDAP: error code 12 - Unavailable Critical Extension"
Сводка: NetWorker Lightweight Directory Access Protocol (LDAP) integration is failing with [LDAP: error code 12 - Unavailable Critical Extension]. This KB is applicable to LDAP server integration and does not apply when backend authentication is Microsoft Active Directory (AD) ...
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Симптомы
- The external authentication provider is an LDAP server. This issue is not applicable to Microsoft Active Directory (AD) servers.
- The external authority integration wizard or the
authc-create-ldap-configscript the following error appears
Error executing command. Failure: 400 Bad Request. Server message: Failed to verify configuration LDAP_SERVER_NAME: [LDAP: error code 12 - Unavailable Critical Extension];
nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; remaining name 'ou=People,dc=DOMAIN,dc=DOMAIN'Причина
This can happen if there is a "query limit" on the LDAP server is being exceeded.
The LDAP logs on the LDAP server contains something like:
The LDAP logs on the LDAP server contains something like:
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=-1 msgId=-1 - fd=1408 slot=1408 LDAP connection from IP_ADDR to IP_ADDR
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=0 msgId=1 - BIND dn="uid=BIND_ACCOUNT,ou=People,dc=DOMAIN,dc=DOMAIN" method=128 version=3
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=BIND_ACCOUNT,ou=People,dc=DOMAIN,dc=DOMAIN"
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=1 msgId=2 - SRCH base="ou=People,dc=DOMAIN,dc=DOMAIN" scope=2 filter="(objectClass=inetOrgPerson)" attrs=ALL
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=1 msgId=2 - RESULT err=4 tag=101 nentries=1000 etime=1 notes=U
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=2 msgId=3 - SRCH base="ou=People,dc=DOMAIN,dc=DOMAIN" scope=2 filter="(objectClass=inetOrgPerson)", unsupported critical extension
[DD/MM/YYYY:HH:MM:SS -0500] conn=99012497 op=2 msgId=3 - RESULT err=12 tag=101 nentries=0 etime=0
NOTE: The LDAP administrator must review the logs on the LDAP server.
In this example, the query limit is 1000 which was exceeded.
Разрешение
Changed the user search filter to config-user-search-filter="uid={0}"
NOTE: This setting can only be applied when using the
The following articles can be used for more information about how to use the
authc_config scripts. The external repository in the NetWorker Management Console (NMC) and NetWorker Web User Interface (NWUI) do not have the "Search Filter" field.
The following articles can be used for more information about how to use the
authc_config scripts and updating an existing configuration.
Затронутые продукты
NetWorkerПродукты
NetWorker FamilyСвойства статьи
Номер статьи: 000034700
Тип статьи: Solution
Последнее изменение: 22 Jun 2025
Версия: 4
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.