Cisco Bug: CSCuj01135 - AD client exception while talking to LDAP server

Last Modified

Nov 19, 2014

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases


Description (partial)

AD client exception while talking to LDAP server (build 4.6.0-114, ACS 5.

The crash occurred while adclient was rebuilding its trusted domain map.
adclient is in the middle of establishing a global catalog connection to the server.
As part of setting up the connection, adclient asks the GC for the rootDSE. This is mainly a check to ensure that the server is communicating with us. The rootDSE request is handed to the OpenLDAP libraries, where a connection is established, followed by the rootDSE request.

There appears to be some problem with the GC sending a RST right after the connection was established.

First the client sends a TCP SYN, which is acknowledged, establishing the connection. Then, before the rootDSE request is sent, the GC tries to RST the connection. The rootDSE request goes out anyway (indicating that the OpenLDAP libraries had a good socket at that point in time). The GC responds with another RST, leading to the crash.
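
The exchange described above, as an added example that is not Cisco's or adclient's code: a rootDSE liveness probe in Python that reports a reset connection as a failed check instead of letting the socket error propagate. The function names, the result strings and the local resetting server standing in for the GC are assumptions made for illustration.

```python
import socket
import struct
import threading

# LDAPv3 SearchRequest for the rootDSE: base "", scope base, (objectClass=*)
ROOTDSE_REQUEST = (
    b"\x30\x25\x02\x01\x01"        # LDAPMessage SEQUENCE, messageID 1
    b"\x63\x20\x04\x00"            # SearchRequest, baseObject ""
    b"\x0a\x01\x00\x0a\x01\x00"    # scope baseObject, derefAliases never
    b"\x02\x01\x00\x02\x01\x00"    # sizeLimit 0, timeLimit 0
    b"\x01\x01\x00"                # typesOnly FALSE
    b"\x87\x0b" b"objectClass"     # filter: present(objectClass)
    b"\x30\x00"                    # attributes: empty list
)

def probe_rootdse(host, port, timeout=2.0):
    """Return 'ok', 'reset' or 'unreachable'; never raise on a peer RST."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            # The send can succeed even if an RST is already in flight,
            # so the reset may only surface on the following recv().
            sock.sendall(ROOTDSE_REQUEST)
            reply = sock.recv(4096)
        except (ConnectionError, socket.timeout):
            return "reset"
    # A real answer starts with an LDAPMessage SEQUENCE tag; empty means closed.
    return "ok" if reply[:1] == b"\x30" else "reset"

def start_resetting_server():
    """Constructed stand-in for the GC: accept, then abort the connection."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    def serve():
        conn, _ = listener.accept()
        # SO_LINGER with a zero timeout makes close() send RST rather than FIN
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        listener.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_rootdse("127.0.0.1", start_resetting_server()))
```
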