unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
I currently have PLA 1.0.1 installed with OpenLDAP 2.3.22. This system is
being used as a POSIX account repository for our AIX and Linux servers.
I had a previous LDAP server set up with older versions of both PLA and
OpenLDAP and it worked great, but was dedicated to a different system. I
migrated all accounts from that system to the new LDAP server. Users with
accounts migrated are able to login to the servers with no issues. New
accounts do not work.
I have one major issue. The slapd server is complaining about
unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1. After doing some
research, this is a password policy. It could be due to an incorrect PLA
template, but I cannot be sure. Any ideas?
Here are the errors.
First on the LDAP Server: /var/log/messages
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 ACCEPT from
IP=10.101.25.2:33072 (IP=0.0.0.0:389)
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0
text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SRCH
base="dc=motogroup,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=ted))"
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill
Ted,ou=people,dc=motogroup,dc=com" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized
control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97
err=49 text=
May 31 07:55:20 linuxadm03 sshd[8021]: pam_ldap: error trying to bind as
user "cn=Bill Ted,ou=people,dc=motogroup,dc=com" (Invalid credentials)
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 RESULT tag=97 err=0
text=
May 31 07:55:20 linuxadm03 sshd[8019]: error: PAM: User not known to the
underlying authentication module for illegal user Ted from
rbecker.motogroup.com
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 closed (connection
lost)
May 31 07:55:20 linuxadm03 sshd[8019]: Failed keyboard-interactive/pam for
invalid user Ted from 10.16.3.17 port 1421 ssh2
Here is the PLA template I am using:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE template SYSTEM "template.dtd">
<template>
<title>New User Entry</title>
<!--<regexp>^ou=People,o=.*,</regexp>-->
<icon>images/user.png</icon>
<description></description>
<askcontainer>1</askcontainer>
<rdn>cn</rdn>
<visible>1</visible>
<invalid>0</invalid>
<objectClasses>
<objectClass id="inetOrgPerson"></objectClass>
<objectClass id="posixAccount"></objectClass>
<objectClass id="shadowAccount"></objectClass>
</objectClasses>
<attributes>
<attribute id="givenName">
<display>First name</display>
<icon>images/uid.png</icon>
<onchange>autoFill:cn,%givenName% %sn%</onchange>
<order>1</order>
</attribute>
<attribute id="sn">
<display>Last name</display>
<onchange>autoFill:cn,%givenName% %sn%</onchange>
<onchange>autoFill:uid,%sn%</onchange>
<onchange>autoFill:homeDirectory,/home/%uid%</onchange>
<order>2</order>
</attribute>
<attribute id="cn">
<display>Common Name</display>
<order>3</order>
</attribute>
<attribute id="mail">
<display>Email</display>
<order>4</order>
</attribute>
<attribute id="userPassword">
<display>Password</display>
<helper>
<default>md5</default>
<display>Encryption</display>
<id>enc</id>
<location>side</location>
<value>blowfish</value>
<value>clear</value>
<value>crypt</value>
<value>ext_des</value>
<value>md5</value>
<value>md5crypt</value>
<value>sha</value>
<value>smd5</value>
<value>ssha</value>
</helper>
<icon>images/lock.png</icon>
<order>5</order>
<post>=php.Password(%enc%,%userPassword%)</post>
<spacer>1</spacer>
<type>password</type>
<verify>1</verify>
</attribute>
<attribute id="uid">
<display>User ID</display>
<order>6</order>
</attribute>
<attribute id="uidNumber">
<display>UID Number</display>
<hint>Automatically determined</hint>
<icon>images/terminal.png</icon>
<order>7</order>
<presubmit>=php.GetNextNumber(/,uid)</presubmit>
</attribute>
<attribute id="gidNumber">
<display>Primary Group</display>
<onchange>autoFill:homeDirectory,/home/%uid%</onchange>
<order>8</order>
<value>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</value>
</attribute>
<attribute id="homeDirectory">
<display>Home directory</display>
<order>9</order>
</attribute>
<attribute id="loginShell">
<display>Login shell</display>
<order>10</order>
<value>=php.PickList(/,(objectClass=posixAccount),loginShell,%loginShell%)</value>
<spacer>1</spacer>
</attribute>
<attribute id="shadowInactive">
<display>shadowInactive</display>
<default>-1</default>
<order>11</order>
</attribute>
<attribute id="shadowMax">
<display>shadowMax</display>
<default>99999</default>
<order>12</order>
</attribute>
<attribute id="shadowLastChange">
<display>shadowLastChange</display>
<default>13047</default>
<order>13</order>
</attribute>
<attribute id="shadowWarning">
<display>shadowWarning</display>
<default>7</default>
<order>14</order>
</attribute>
<attribute id="shadowMin">
<display>shadowMin</display>
<default>-1</default>
<order>15</order>
</attribute>
<attribute id="shadowExpire">
<display>shadowExpire</display>
<default>-1</default>
<order>16</order>
</attribute>
<attribute id="shadowFlag">
<display>shadowFlag</display>
<default>0</default>
<order>17</order>
</attribute>
</attributes>
</template>
Robert Becker
Systems Engineer
Motorists Insurance Group
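
An added triage example, not part of the original message: it pairs each simple BIND in a slapd log with its RESULT and records any "unrecognized control" warning logged in between, so the control warning can be read separately from the bind outcome. Under RFC 4511 a server that refuses a critical control it does not recognize answers unavailableCriticalExtension (12), while the excerpt above shows 49 (invalidCredentials). The function name triage_binds and the re-joined sample lines are constructed for illustration.

```python
import re

# LDAP result codes relevant to this log (RFC 4511).
RESULT_NAMES = {0: "success", 12: "unavailableCriticalExtension",
                49: "invalidCredentials"}

# Constructed input: lines from the post's excerpt, re-joined after e-mail wrapping.
SAMPLE_LOG = """\
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill Ted,ou=people,dc=motogroup,dc=com" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97 err=49 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 RESULT tag=97 err=0 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
CTRL_RE = re.compile(r'slap_global_control: unrecognized control: ([\d.]+)')

def triage_binds(log_text):
    """Return one record per completed BIND: dn, result code, controls warned about."""
    pending = {}      # (conn, op) -> record still waiting for its RESULT line
    last_bind = None  # the warning line has no conn/op, so it is attributed to
                      # the most recent BIND (a heuristic; check on busy servers)
    done = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            last_bind = (int(m[1]), int(m[2]))
            pending[last_bind] = {"conn": last_bind[0], "op": last_bind[1],
                                  "dn": m[3], "controls": []}
            continue
        m = CTRL_RE.search(line)
        if m and last_bind in pending:
            pending[last_bind]["controls"].append(m[1])
            continue
        m = RESULT_RE.search(line)  # tag=97 is a BindResponse; search results are tag=101
        rec = pending.pop((int(m[1]), int(m[2])), None) if m else None
        if rec:
            rec["err"] = int(m[3])
            rec["result"] = RESULT_NAMES.get(rec["err"], "other")
            # Only err=12 means the bind was refused because of a control.
            rec["control_rejected"] = rec["err"] == 12 and bool(rec["controls"])
            done.append(rec)
    return done

if __name__ == "__main__":
    for r in triage_binds(SAMPLE_LOG):
        print(r["conn"], r["op"], repr(r["dn"]), r["result"], r["controls"])
```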