Issue: LDAP error 32 LDAP_NO_SUCH_OBJECT

[cjohnston1158]

Is there an existing issue for this?

• I have searched the existing issues and found none that matched mine

Describe the issue

After configuring certificate auto-enrollment on Ubuntu 22.04 per the docs I am seeing LDAP error 32 LDAP_NO_SUCH_OBJECT. When trying to register with a Windows client, the Windows client was also not receiving the certificates.

There is another OU which was known to be working with a Windows client, so the GPO was compared. The new OU did not have the "Automatic Certificate Request Settings" configured, where the working OU did have this configured. The policy on the new OU was updated to match the working OU. Afterwards the Windows client was able to successfully download the certificates, however the Ubuntu client still is not.

Error message

Steps to reproduce it

https://documentation.ubuntu.com/adsys/en/stable/tutorial/certificates-autoenrolment/

Ubuntu users: System information

No response

Non Ubuntu users: System information

No response

Additional information

No response

Double check your logs

• I have redacted any sensitive information from the logs

[didrocks]

FTR: requested information about Windows AD server and OS level. Also, can you run ubuntu-bug adsys and report the content there (see the bug template), so that we get all linux OS info, including its dependencies?

Some of the idea could be a stuck GPT.ini and no refresh for it.
Can you try to check for the cached policy on the windows client? You will have them under /var/cache/adsys. Please look at the GPOs directories, try to find the matching GPO with the object ID and check GPT.ini file content. The version (if the policy was correctly updated) should match the one on the AD server.

Thanks!

[cjohnston1158]

DCs are running Windows Server 2019 or 2022.
2016 AD domain/forest Functional level.

[cjohnston1158]

report.txt
policies