I am experiencing intermittent login issues with t...
# general
s
I am experiencing intermittent login issues with the Rancher (2.9.3) UI, requiring multiple retries before successfully logging in. The logs show the following error:
"[ERROR] API error response 500 for POST /v3-public/openLdapProviders/openldap?action=login. Cause: Error creating SSL connection: LDAP Result Code 200 'Network Error': dial tcp: lookup ldapservername.domain: i/o timeout"
To troubleshoot, I ran a tcpdump while the login request was sent and the response was received, confirming that DNS resolution is working. Additionally, I tested connectivity using netcat to port 636/389 on the LDAP server, which was successful. Despite this, the error persists in the Rancher pod. Any insights or suggestions for resolving this issue would be greatly appreciated. Thanks!
b
exec into the rancher pod and run
nslookup ldapservername.domain
or
host ldapservername.domain
?
Outside of that, it mentions ssl connection. Is the cert signed? Your config is using only the ssl port? (636)?
s
The cert is signed by a known provider. I can't run any of those commands on the Rancher pod. I can run them on the underlying worker nodes, as I did in the troubleshooting.
bash-4.4# dpkg
bash: dpkg: command not found
bash-4.4# nslookup
bash: nslookup: command not found
bash-4.4# host
bash: host: command not found
bash-4.4# apt
bash: apt: command not found
bash-4.4#
b
ping
?
s
not available.
bash-4.4# ping
bash: ping: command not found
b
it's still important to try to run from a container vs the host.
It's possible the cluster doesn't have dns fallthrough or can't resolve that name, but the host can.
s
It may be, where to check? This is the exact issue https://github.com/rancher/rancher/issues/44593
b
I don't see `x509: certificate is valid for xxx, not yyy` in your posting
it's a similar error, but not the same
s
It's not the same, I don't get an SSL error.
b
right, but that git issue is with the ssl error, so not that exact issue right?
s
Sorry, you're right, it's not the exact issue. Is there a way to add debug for the Rancher LDAP provider?