
unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1



I currently have PLA 1.0.1 installed with OpenLDAP 2.3.22.  This system is
being used as a posix account repository for our AIX and Linux servers.
I had a previous LDAP server set up with older versions of both PLA and
OpenLDAP and it worked great, but was dedicated to a different system.  I
migrated all accounts from that system to the new LDAP server.  Users with
accounts migrated are able to log in to the servers with no issues.  New
accounts do not work.

I have one major issue.  The slapd server is complaining about
unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1.  After doing some
research this is a password policy.  It could be due to an incorrect PLA
template, but I cannot be sure.  Any ideas?

Here are the errors.

First on the LDAP Server: /var/log/messages

May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 ACCEPT from IP=10.101.25.2:33072 (IP=0.0.0.0:389)
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SRCH base="dc=motogroup,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ted))"
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill Ted,ou=people,dc=motogroup,dc=com" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97 err=49 text=
May 31 07:55:20 linuxadm03 sshd[8021]: pam_ldap: error trying to bind as user "cn=Bill Ted,ou=people,dc=motogroup,dc=com" (Invalid credentials)
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 RESULT tag=97 err=0 text=
May 31 07:55:20 linuxadm03 sshd[8019]: error: PAM: User not known to the underlying authentication module for illegal user Ted from rbecker.motogroup.com
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 closed (connection lost)
May 31 07:55:20 linuxadm03 sshd[8019]: Failed keyboard-interactive/pam for invalid user Ted from 10.16.3.17 port 1421 ssh2

Here is the PLA template I am using:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE template SYSTEM "template.dtd">
<template>
<title>New User Entry</title>
<!--<regexp>^ou=People,o=.*,</regexp>-->
<icon>images/user.png</icon>
<description></description>
<askcontainer>1</askcontainer>
<rdn>cn</rdn>
<visible>1</visible>
<invalid>0</invalid>

<objectClasses>
<objectClass id="inetOrgPerson"></objectClass>
<objectClass id="posixAccount"></objectClass>
<objectClass id="shadowAccount"></objectClass>
</objectClasses>

<attributes>
<attribute id="givenName">
        <display>First name</display>
        <icon>images/uid.png</icon>
        <onchange>autoFill:cn,%givenName% %sn%</onchange>
        <order>1</order>
</attribute>
<attribute id="sn">
        <display>Last name</display>
        <onchange>autoFill:cn,%givenName% %sn%</onchange>
        <onchange>autoFill:uid,%sn%</onchange>
        <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
        <order>2</order>
</attribute>
<attribute id="cn">
        <display>Common Name</display>
        <order>3</order>
</attribute>
<attribute id="mail">
        <display>Email</display>
        <order>4</order>
</attribute>
<attribute id="userPassword">
        <display>Password</display>
        <helper>
                <default>md5</default>
                <display>Encryption</display>
                <id>enc</id>
                <location>side</location>
                <value>blowfish</value>
                <value>clear</value>
                <value>crypt</value>
                <value>ext_des</value>
                <value>md5</value>
                <value>md5crypt</value>
                <value>sha</value>
                <value>smd5</value>
                <value>ssha</value>
        </helper>
        <icon>images/lock.png</icon>
        <order>5</order>
        <post>=php.Password(%enc%,%userPassword%)</post>
        <spacer>1</spacer>
        <type>password</type>
        <verify>1</verify>
</attribute>
<attribute id="uid">
        <display>User ID</display>
        <order>6</order>
</attribute>
<attribute id="uidNumber">
        <display>UID Number</display>
        <hint>Automatically determined</hint>
        <icon>images/terminal.png</icon>
        <order>7</order>
        <presubmit>=php.GetNextNumber(/,uid)</presubmit>
</attribute>
<attribute id="gidNumber">
        <display>Primary Group</display>
        <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
        <order>8</order>
        <value>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</value>
</attribute>
<attribute id="homeDirectory">
        <display>Home directory</display>
        <order>9</order>
</attribute>
<attribute id="loginShell">
        <display>Login shell</display>
        <order>10</order>
        <value>=php.PickList(/,(objectClass=posixAccount),loginShell,%loginShell%)</value>
        <spacer>1</spacer>
</attribute>
<attribute id="shadowInactive">
        <display>shadowInactive</display>
        <default>-1</default>
        <order>11</order>

</attribute>
<attribute id="shadowMax">
        <display>shadowMax</display>
        <default>99999</default>
        <order>12</order>
</attribute>
<attribute id="shadowLastChange">
        <display>shadowLastChange</display>
        <default>13047</default>
        <order>13</order>
</attribute>
<attribute id="shadowWarning">
        <display>shadowWarning</display>
        <default>7</default>
        <order>14</order>
</attribute>
<attribute id="shadowMin">
        <display>shadowMin</display>
        <default>-1</default>
        <order>15</order>
</attribute>
<attribute id="shadowExpire">
        <display>shadowExpire</display>
        <default>-1</default>
        <order>16</order>
</attribute>
<attribute id="shadowFlag">
        <display>shadowFlag</display>
        <default>0</default>
        <order>17</order>
</attribute>
</attributes>
</template>


Robert Becker
Systems Engineer
Motorists Insurance Group
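
Added example, not part of the original post: a small Python triage script that pairs each slapd BIND request in a log like the one above with its RESULT and with any "unrecognized control" message logged in between, so failed user binds (err=49) can be listed together with the control OID that accompanied them. It assumes one syslog record per line (mail wrapping undone); the function names are made up for this example, and because the slap_global_control line carries no conn/op id, attaching it to the most recent unanswered BIND of the same slapd pid is a heuristic.

```python
import re

# Constructed sample: five lines taken from the log in the post, unwrapped.
SAMPLE = """\
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill Ted,ou=people,dc=motogroup,dc=com" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97 err=49 text=
"""

PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"  # control OID from the post (password policy)
INVALID_CREDENTIALS = 49                   # LDAP result code behind "Invalid credentials"

BIND = re.compile(r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
CONTROL = re.compile(r'slapd\[(\d+)\]: slap_global_control: unrecognized control: ([\d.]+)')

def summarize_binds(log_text):
    """Return one record per BIND: dn, result code, unrecognized controls seen."""
    binds, last_bind = {}, {}  # (pid, conn, op) -> record; pid -> latest BIND key
    for line in log_text.splitlines():
        if m := BIND.search(line):
            key = m.group(1, 2, 3)
            binds[key] = {"conn": int(m[2]), "op": int(m[3]), "dn": m[4],
                          "err": None, "unrecognized_controls": []}
            last_bind[m[1]] = key
        elif m := CONTROL.search(line):
            # Assumption: the message belongs to the latest BIND of this pid
            # that has no RESULT yet. On a busy server, interleaved
            # connections can make this attribution wrong.
            key = last_bind.get(m[1])
            if key and binds[key]["err"] is None:
                binds[key]["unrecognized_controls"].append(m[2])
        elif m := RESULT.search(line):
            key = m.group(1, 2, 3)
            if key in binds:
                binds[key]["err"] = int(m[4])
    return list(binds.values())

def failed_user_binds(records):
    """Non-anonymous binds that ended with invalidCredentials (49)."""
    return [r for r in records if r["dn"] and r["err"] == INVALID_CREDENTIALS]

if __name__ == "__main__":
    for r in failed_user_binds(summarize_binds(SAMPLE)):
        print(r["conn"], r["op"], r["dn"], r["unrecognized_controls"])
```

On the sample, the anonymous bind (op=0) succeeds with no control message, while the user bind (op=2) is reported with err=49 and the unrecognized control OID attached.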