Bug 1643119

Summary: Secure ldap identity provider fails to query the LDAP server. "tls: bad record MAC"
Product: OpenShift Container Platform Reporter: Sanket N <snalawad>
Component: apiserver-authAssignee: Erica von Buelow <evb>
Status: CLOSED ERRATA QA Contact: Chuan Yu <chuyu>
Severity: high Docs Contact:
Priority: high    
Version: 3.11.0CC: aos-bugs, bleanhar, chuyu, deparker, erich, erjones, evb, glamb, jokerman, jrosenta, lmeyer, mkhan, mmccomas, msomasun, openshift-bugs-escalate, redhat, scuppett, smunilla, travi, wsun, xtian
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-20 03:11:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sanket N 2018-10-25 14:20:51 UTC 
Description of problem:

The LDAP query is not processed bu the Identity provider and fails with the error "ldap.go unable to read LDAP response packet: local error: tls: bad record MAC "

Version-Release number of selected component (if applicable):
OCP v3.11


Additional Information:

The same LDAP server will work for ldap identity provider on a lower version of OCP v3.10 and below.
Comment 18 Mo 2018-10-31 14:27:40 UTC 
*** Bug 1643275 has been marked as a duplicate of this bug. ***
Comment 24 Samuel Munilla 2018-11-01 21:01:52 UTC 
Setting this to VERIFIED based on comments from Qe and conversation with erich.
Comment 30 errata-xmlrpc 2018-11-20 03:11:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3537
Comment 31 Red Hat Bugzilla 2023-09-15 00:13:19 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days