LDAP issues with cflinuxfs4 stack
Article ID: 298163
Updated On:
Products
VMware Tanzu Application Service for VMs
Issue/Introduction
cflinuxfs4 release less than version 1.45.0 may produce some LDAP issues for applications as it is missing a ldap-commons library.
As an example, consider this .NET v6 application migrated from cflinuxfs3 to cflinuxfs4 stack which runs into issues with LDAP connectivity and there was no change to the source code. The error from the application logs if following
Starting in cflinuxfs4 release version 1.45.0, the missing ldap-commons library were added.
The following Tanzu Application Service VMs (TAS) versions contain cflinuxfs4 v 1.45.0+
As an example, consider this .NET v6 application migrated from cflinuxfs3 to cflinuxfs4 stack which runs into issues with LDAP connectivity and there was no change to the source code. The error from the application logs if following
2023-06-19T16:01:09.503+01:00 [APP/PROC/WEB/0] [OUT] { "date": "2023-06-19 15:01:09.4953", "level": "ERROR", "applicationId": "Org.DSA.SecurityDomain.Api", "logger": "Org.SecurityDomain.Api", "ProcessId": "7", "ProcessName": "Org.SecurityDomain.Api", "ThreadId": "41", "ThreadName": ".NET ThreadPool Worker", "Message": "#414 Failed to establish connection to domain: [{\"Domain\":\"myldap-domain.com\",\"Host\":\"dc=emea,dc=org,dc=com\",\"Base\":\"emea\",\"Name\":\"EUROPE\"}] exception: The type initializer for 'Ldap' threw an exception.", "Description": "#414 Failed to establish connection to domain: [{\"Domain\":\"myldap-domain.com\",\"Host\":\"dc=emea,dc=org,dc=com\",\"Base\":\"emea\",\"Name\":\"EUROPE\"}] exception: The type initializer for 'Ldap' threw an exception.", "Environment": "ge4-sit", "Exception": " ", "RequestHandler": "Controller: Action:", "CallStack": "Org.DSA.Shared.Logger.ApiLogger.Log" }
Starting in cflinuxfs4 release version 1.45.0, the missing ldap-commons library were added.
The following Tanzu Application Service VMs (TAS) versions contain cflinuxfs4 v 1.45.0+
- 3.0.19+
- 4.0.11+
- 5.0.1+
Environment
Product Version: 4.0
Resolution
An additional finding specific to .NET apps:
The System.DirectoryServices.Protocols package requires v8 (not .NET version 8 - but version 8 of the package itself) in combination with cflinuxfs4 v1.45.0+ in order to work properly.
This is because of the version of libldap library in the container stack.
Prior to version 8 of the System.DirectoryServices package, it was hardcoded to use libldap-2.4.so.2. Starting in version 8 of the package it is using the newer version of libldap, which is provided in the cflinuxfs4 container stack.
An example csproj file may include:
The System.DirectoryServices.Protocols package requires v8 (not .NET version 8 - but version 8 of the package itself) in combination with cflinuxfs4 v1.45.0+ in order to work properly.
This is because of the version of libldap library in the container stack.
#cflinuxfs4 vcap@c1b8cc3b-f381-4f90-6a93-b879:~$ dpkg -l | grep libldap ii libldap-2.5-0:amd64 2.5.16+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP libraries ii libldap-common 2.5.16+dfsg-0ubuntu0.22.04.1 all OpenLDAP common files for libraries ii libldap-dev:amd64 2.5.16+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP development libraries ii libldap2-dev 2.5.16+dfsg-0ubuntu0.22.04.1 all transitional package for libldap-dev #cflinuxfs3 vcap@300e5d84-2afc-4f8d-5f43-3094:~$ dpkg -l | grep libldap ii libldap-2.4-2:amd64 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 OpenLDAP libraries ii libldap-common 2.4.45+dfsg-1ubuntu1.11+esm1 all OpenLDAP common files for libraries ii libldap2-dev:amd64 2.4.45+dfsg-1ubuntu1.11+esm1 amd64 OpenLDAP development libraries
Prior to version 8 of the System.DirectoryServices package, it was hardcoded to use libldap-2.4.so.2. Starting in version 8 of the package it is using the newer version of libldap, which is provided in the cflinuxfs4 container stack.
An example csproj file may include:
<PackageReference Include="System.DirectoryServices.Protocols" Version="8.0.0" />
Feedback
Yes
No
Powered by
