Cisco Bug: CSCuj01135 - AD client exception while talking to LDAP server
Nov 19, 2014
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: AD client exception while talking to LDAP server (build 4.6.0-114, ACS 5. Conditions: The crash occurred while adclient was rebuilding its trusted domain map. adclient is in the middle of establishing a global catalog connection to the server. As part of setting up the connection, adclient asks the GC for the rootDSE. This is mainly a check to ensure that the server is communicating with us. The rootDSE request is handed to the OpenLDAP libraries where a connection is established followed by the rootDSE request. There appears to be some problem with the GC sending a RST right after the connection was established. First the client sends a TCP SYN which is acknowledged, establishing the connection. Then before the rootDSE request is sent the GC tries to RST the connection. The rootDSE goes out anyway (indicating that the openLDAP libraries had a good socket at that point in time). The GC responds with another RST leading to the crash.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases