Callum Smith via FreeIPA-users wrote:
Dear All,
I'm seeing issues with the time synchronisation for OTP but ONLY for
authentication through LDAP and not through kerberos. Is this even
possible or am I going down the wrong rabbit hole on this issue. The
error presents as LDAP authentication giving "ldap operation failed"
when authentication to HashiCorp Vault, configured to auth against IPA
over LDAP, if the token is slightly old.
Have you been able to define a range for "slightly old"? Is there some
latency that is causing issue?
Is anything logged in the 389-ds error log when the operations error
fires? I'm not sure which error level would help in this case, some can
be kinda spammy. Is this easily reproducible on an otherwise quiet system?
rob