
Re: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1



As this is the OpenLDAP-bugs list, I will focus on the
(implicit) question as to whether the OpenLDAP behavior
you see is a bug.  I suspect not.  But if you think
yes, you might try the latest version of OpenLDAP
Software (2.3.24) and, if the behavior you think
might be due to a bug persists, provide adequate
details so one might be able to duplicate that behavior.
At a minimum, this would include relevant details of
your slapd.conf(5) file.

Questions regarding slapd(8), including how to configure
it with password policy control support, should be directed
to the OpenLDAP-software list.

Questions regarding PLA should be directed to a forum about
PLA.

Regards, Kurt

At 08:22 AM 6/2/2006, Rob Becker wrote:
>I currently have PLA 1.0.1 installed with OpenLDAP 2.3.22.  This system is
>being used as a POSIX account repository for our AIX and Linux servers.
>I had a previous LDAP server set up with older versions of both PLA and
>OpenLDAP and it worked great, but was dedicated to a different system.  I
>migrated all accounts from that system to the new LDAP server.  Users with
>accounts migrated are able to login to the servers with no issues.  New
>accounts do not work.
>
>I have one major issue.  The slapd server is complaining about
>unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1.  After doing some
>research this is a password policy.  It could be due to an incorrect PLA
>template, but I cannot be sure.  Any ideas?
>
>Here are the errors.
>
>First on the LDAP Server: /var/log/messages
>
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 ACCEPT from
>IP=10.101.25.2:33072 (IP=0.0.0.0:389)
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0
>text=
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SRCH
>base="dc=motogroup,dc=com" scope=2 deref=0
>filter="(&(objectClass=posixAccount)(uid=ted))"
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SEARCH RESULT
>tag=101 err=0 nentries=1 text=
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill
>Ted,ou=people,dc=motogroup,dc=com" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized
>control: 1.3.6.1.4.1.42.2.27.8.5.1
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97
>err=49 text=
>May 31 07:55:20 linuxadm03 sshd[8021]: pam_ldap: error trying to bind as
>user "cn=Bill Ted,ou=people,dc=motogroup,dc=com" (Invalid credentials)
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 BIND dn="" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 RESULT tag=97 err=0
>text=
>May 31 07:55:20 linuxadm03 sshd[8019]: error: PAM: User not known to the
>underlying authentication module for illegal user Ted from
>rbecker.motogroup.com
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 closed (connection
>lost)
>May 31 07:55:20 linuxadm03 sshd[8019]: Failed keyboard-interactive/pam for
>invalid user Ted from 10.16.3.17 port 1421 ssh2
>
>Here is the PLA template I am using:
>
><?xml version="1.0" encoding="UTF-8" standalone="no"?>
><!DOCTYPE template SYSTEM "template.dtd">
><template>
><title>New User Entry</title>
><!--<regexp>^ou=People,o=.*,</regexp>-->
><icon>images/user.png</icon>
><description></description>
><askcontainer>1</askcontainer>
><rdn>cn</rdn>
><visible>1</visible>
><invalid>0</invalid>
>
><objectClasses>
><objectClass id="inetOrgPerson"></objectClass>
><objectClass id="posixAccount"></objectClass>
><objectClass id="shadowAccount"></objectClass>
></objectClasses>
>
><attributes>
><attribute id="givenName">
>        <display>First name</display>
>        <icon>images/uid.png</icon>
>        <onchange>autoFill:cn,%givenName% %sn%</onchange>
>        <order>1</order>
></attribute>
><attribute id="sn">
>        <display>Last name</display>
>        <onchange>autoFill:cn,%givenName% %sn%</onchange>
>        <onchange>autoFill:uid,%sn%</onchange>
>        <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
>        <order>2</order>
></attribute>
><attribute id="cn">
>        <display>Common Name</display>
>        <order>3</order>
></attribute>
><attribute id="mail">
>        <display>Email</display>
>        <order>4</order>
></attribute>
><attribute id="userPassword">
>        <display>Password</display>
>        <helper>
>                <default>md5</default>
>                <display>Encryption</display>
>                <id>enc</id>
>                <location>side</location>
>                <value>blowfish</value>
>                <value>clear</value>
>                <value>crypt</value>
>                <value>ext_des</value>
>                <value>md5</value>
>                <value>md5crypt</value>
>                <value>sha</value>
>                <value>smd5</value>
>                <value>ssha</value>
>        </helper>
>        <icon>images/lock.png</icon>
>        <order>5</order>
>        <post>=php.Password(%enc%,%userPassword%)</post>
>        <spacer>1</spacer>
>        <type>password</type>
>        <verify>1</verify>
></attribute>
><attribute id="uid">
>        <display>User ID</display>
>        <order>6</order>
></attribute>
><attribute id="uidNumber">
>        <display>UID Number</display>
>        <hint>Automatically determined</hint>
>        <icon>images/terminal.png</icon>
>        <order>7</order>
>        <presubmit>=php.GetNextNumber(/,uid)</presubmit>
></attribute>
><attribute id="gidNumber">
>        <display>Primary Group</display>
>        <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
>        <order>8</order>
>        <value>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</value>
></attribute>
><attribute id="homeDirectory">
>        <display>Home directory</display>
>        <order>9</order>
></attribute>
><attribute id="loginShell">
>        <display>Login shell</display>
>        <order>10</order>
>        <value>=php.PickList(/,(objectClass=posixAccount),loginShell,%loginShell%)</value>
>        <spacer>1</spacer>
></attribute>
><attribute id="shadowInactive">
>        <display>shadowInactive</display>
>        <default>-1</default>
>        <order>11</order>
>
></attribute>
><attribute id="shadowMax">
>        <display>shadowMax</display>
>        <default>99999</default>
>        <order>12</order>
></attribute>
><attribute id="shadowLastChange">
>        <display>shadowLastChange</display>
>        <default>13047</default>
>        <order>13</order>
></attribute>
><attribute id="shadowWarning">
>        <display>shadowWarning</display>
>        <default>7</default>
>        <order>14</order>
></attribute>
><attribute id="shadowMin">
>        <display>shadowMin</display>
>        <default>-1</default>
>        <order>15</order>
></attribute>
><attribute id="shadowExpire">
>        <display>shadowExpire</display>
>        <default>-1</default>
>        <order>16</order>
></attribute>
><attribute id="shadowFlag">
>        <display>shadowFlag</display>
>        <default>0</default>
>        <order>17</order>
></attribute>
></attributes>
></template>
>
>
>Robert Becker
>Systems Engineer
>Motorists Insurance Group
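
An added example, not part of either message above: a small Python triage script that pairs each slapd BIND with its RESULT and records any `unrecognized control` line logged in between, so it is clear which bind the control message accompanies and which result code that bind returned. The function name and the attribution rule for the `slap_global_control` line are assumptions of this example.

```python
import re

# Sample input: lines taken from the log quoted in the message above, with
# the e-mail line wrapping undone (re-joined here for the example).
SAMPLE = """\
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0 text=
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill Ted,ou=people,dc=motogroup,dc=com" method=128
May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97 err=49 text=
"""

PID = re.compile(r"slapd\[(\d+)\]: (.*)$")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)")
CONTROL = re.compile(r"slap_global_control: unrecognized control: ([\d.]+)")

def summarize_binds(log_text):
    """Return one dict per completed BIND: conn, op, dn, err, controls.

    Assumption: the slap_global_control line carries no conn/op, so it is
    attributed to the most recent BIND from the same slapd PID that has
    not yet produced its RESULT.
    """
    pending = {}    # (pid, conn, op) -> record awaiting its RESULT
    last_open = {}  # pid -> key of the most recent BIND seen
    done = []
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue  # not a slapd line (e.g. sshd / pam_ldap)
        pid, msg = m.groups()
        if (b := BIND.search(msg)):
            key = (pid, b.group(1), b.group(2))
            pending[key] = {"conn": int(b.group(1)), "op": int(b.group(2)),
                            "dn": b.group(3), "controls": []}
            last_open[pid] = key
        elif (c := CONTROL.search(msg)):
            key = last_open.get(pid)
            if key in pending:
                pending[key]["controls"].append(c.group(1))
        elif (r := RESULT.search(msg)):
            rec = pending.pop((pid, r.group(1), r.group(2)), None)
            if rec is not None:  # a RESULT for a non-BIND operation is skipped
                rec["err"] = int(r.group(4))
                done.append(rec)
    return done
```

On the sample, the anonymous bind (op=0) returns err=0 with no control logged, while the bind as the user DN (op=2) is the one accompanied by the control message and returns err=49.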