Re: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
As this is the OpenLDAP-bugs list, I will focus on the
(implicit) question as to whether the OpenLDAP behavior
you see is a bug. I suspect not. But if you think
yes, you might try the latest version of OpenLDAP
Software (2.3.24) and, if the behavior you think
might be due to a bug persists, provide adequate
details so one might be able to duplicate that behavior.
At a minimum, this would include relevant details of
your slapd.conf(5) file.
Questions regarding slapd(8), including how to configure
it with password policy control support, should be directed
to the OpenLDAP-software list.
Questions regarding PLA should be directed to a forum about
PLA.
Regards, Kurt
At 08:22 AM 6/2/2006, Rob Becker wrote:
>I currently have PLA 1.0.1 installed with OpenLDAP 2.3.22. This system is
>being used as a posix account repository for our AIX and Linux servers.
>I had a previous LDAP server set up with older versions of both PLA and
>OpenLDAP and it worked great, but was dedicated to a different system. I
>migrated all accounts from that system to the new LDAP server. Users with
>accounts migrated are able to login to the servers with no issues. New
>accounts do not work.
>
>I have one major issue. The slapd server is complaining about
>unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1. After doing some
>research this is a password policy. It could be due to an incorrect PLA
>template, but I cannot be sure. Any ideas?
>
>Here are the errors.
>
>First on the LDAP Server: /var/log/messages
>
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 ACCEPT from
>IP=10.101.25.2:33072 (IP=0.0.0.0:389)
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 BIND dn="" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=0 RESULT tag=97 err=0
>text=
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SRCH
>base="dc=motogroup,dc=com" scope=2 deref=0
>filter="(&(objectClass=posixAccount)(uid=ted))"
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=1 SEARCH RESULT
>tag=101 err=0 nentries=1 text=
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 BIND dn="cn=Bill
>Ted,ou=people,dc=motogroup,dc=com" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: slap_global_control: unrecognized
>control: 1.3.6.1.4.1.42.2.27.8.5.1
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=2 RESULT tag=97
>err=49 text=
>May 31 07:55:20 linuxadm03 sshd[8021]: pam_ldap: error trying to bind as
>user "cn=Bill Ted,ou=people,dc=motogroup,dc=com" (Invalid credentials)
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 BIND dn="" method=128
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 op=3 RESULT tag=97 err=0
>text=
>May 31 07:55:20 linuxadm03 sshd[8019]: error: PAM: User not known to the
>underlying authentication module for illegal user Ted from
>rbecker.motogroup.com
>May 31 07:55:20 linuxadm03 slapd[22583]: conn=530 fd=18 closed (connection
>lost)
>May 31 07:55:20 linuxadm03 sshd[8019]: Failed keyboard-interactive/pam for
>invalid user Ted from 10.16.3.17 port 1421 ssh2
>
>Here is the PLA template I am using:
>
><?xml version="1.0" encoding="UTF-8" standalone="no"?>
><!DOCTYPE template SYSTEM "template.dtd">
><template>
><title>New User Entry</title>
><!--<regexp>^ou=People,o=.*,</regexp>-->
><icon>images/user.png</icon>
><description></description>
><askcontainer>1</askcontainer>
><rdn>cn</rdn>
><visible>1</visible>
><invalid>0</invalid>
>
><objectClasses>
><objectClass id="inetOrgPerson"></objectClass>
><objectClass id="posixAccount"></objectClass>
><objectClass id="shadowAccount"></objectClass>
></objectClasses>
>
><attributes>
><attribute id="givenName">
> <display>First name</display>
> <icon>images/uid.png</icon>
> <onchange>autoFill:cn,%givenName% %sn%</onchange>
> <order>1</order>
></attribute>
><attribute id="sn">
> <display>Last name</display>
> <onchange>autoFill:cn,%givenName% %sn%</onchange>
> <onchange>autoFill:uid,%sn%</onchange>
> <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
> <order>2</order>
></attribute>
><attribute id="cn">
> <display>Common Name</display>
> <order>3</order>
></attribute>
><attribute id="mail">
> <display>Email</display>
> <order>4</order>
></attribute>
><attribute id="userPassword">
> <display>Password</display>
> <helper>
> <default>md5</default>
> <display>Encryption</display>
> <id>enc</id>
> <location>side</location>
> <value>blowfish</value>
> <value>clear</value>
> <value>crypt</value>
> <value>ext_des</value>
> <value>md5</value>
> <value>md5crypt</value>
> <value>sha</value>
> <value>smd5</value>
> <value>ssha</value>
> </helper>
> <icon>images/lock.png</icon>
> <order>5</order>
> <post>=php.Password(%enc%,%userPassword%)</post>
> <spacer>1</spacer>
> <type>password</type>
> <verify>1</verify>
></attribute>
><attribute id="uid">
> <display>User ID</display>
> <order>6</order>
></attribute>
><attribute id="uidNumber">
> <display>UID Number</display>
> <hint>Automatically determined</hint>
> <icon>images/terminal.png</icon>
> <order>7</order>
> <presubmit>=php.GetNextNumber(/,uid)</presubmit>
></attribute>
><attribute id="gidNumber">
> <display>Primary Group</display>
> <onchange>autoFill:homeDirectory,/home/%uid%</onchange>
> <order>8</order>
> <value>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</value>
></attribute>
><attribute id="homeDirectory">
> <display>Home directory</display>
> <order>9</order>
></attribute>
><attribute id="loginShell">
> <display>Login shell</display>
> <order>10</order>
> <value>=php.PickList(/,(objectClass=posixAccount),loginShell,%loginShell%)</value>
> <spacer>1</spacer>
></attribute>
><attribute id="shadowInactive">
> <display>shadowInactive</display>
> <default>-1</default>
> <order>11</order>
>
></attribute>
><attribute id="shadowMax">
> <display>shadowMax</display>
> <default>99999</default>
> <order>12</order>
></attribute>
><attribute id="shadowLastChange">
> <display>shadowLastChange</display>
> <default>13047</default>
> <order>13</order>
></attribute>
><attribute id="shadowWarning">
> <display>shadowWarning</display>
> <default>7</default>
> <order>14</order>
></attribute>
><attribute id="shadowMin">
> <display>shadowMin</display>
> <default>-1</default>
> <order>15</order>
></attribute>
><attribute id="shadowExpire">
> <display>shadowExpire</display>
> <default>-1</default>
> <order>16</order>
></attribute>
><attribute id="shadowFlag">
> <display>shadowFlag</display>
> <default>0</default>
> <order>17</order>
></attribute>
></attributes>
></template>
>
>
>Robert Becker
>Systems Engineer
>Motorists Insurance Group
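
A triage helper for slapd logs of the kind quoted above, added here as an example and not part of the original thread: it rejoins wrapped syslog records, pairs each BIND with its RESULT, and reports failed binds together with any control slapd logged as unrecognized. The sample log, host name and DN are constructed; the control name is taken from draft-behera-ldap-password-policy; attaching the warning to the latest BIND from the same slapd PID is an assumption, because the warning line carries no conn/op. The output shows which lines occurred together and does not establish that the control caused the failure.

```python
import re
# OID as it appears in the log above; name per draft-behera-ldap-password-policy.
KNOWN_CONTROLS = {"1.3.6.1.4.1.42.2.27.8.5.1": "passwordPolicyRequest"}
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
OP = re.compile(r"slapd\[(\d+)\]: conn=(\d+) op=(\d+) (BIND|RESULT) (.*)")
CTRL = re.compile(r"slapd\[(\d+)\]: slap_global_control: unrecognized control: (\S+)")
# Constructed sample in the same format, including mail-style line wrapping.
SAMPLE = '''\
May 31 07:55:20 ldap01 slapd[100]: conn=7 op=0 BIND dn="" method=128
May 31 07:55:20 ldap01 slapd[100]: conn=7 op=0 RESULT tag=97 err=0 text=
May 31 07:55:20 ldap01 slapd[100]: conn=7 op=2 BIND dn="cn=Test
User,ou=people,dc=example,dc=com" method=128
May 31 07:55:20 ldap01 slapd[100]: slap_global_control: unrecognized
control: 1.3.6.1.4.1.42.2.27.8.5.1
May 31 07:55:20 ldap01 slapd[100]: conn=7 op=2 RESULT tag=97 err=49 text=
'''

def records(text):
    """Rejoin wrapped syslog records; a new record starts with a timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def failed_binds(text):
    """Return failed BINDs with their DN, result code and unrecognized controls."""
    pending, last_bind, findings = {}, {}, []
    for rec in records(text):
        ctrl, op = CTRL.search(rec), OP.search(rec)
        if ctrl:
            # Assumption: the warning belongs to the latest BIND of the same PID.
            key = last_bind.get(ctrl.group(1))
            if key in pending:
                pending[key]["controls"].append((ctrl.group(2), KNOWN_CONTROLS.get(ctrl.group(2), "unknown")))
        elif op:
            pid, conn, opid, kind, rest = op.groups()
            key = (pid, conn, opid)
            if kind == "BIND":
                dn = re.search(r'dn="([^"]*)"', rest)
                pending[key] = {"conn": int(conn), "op": int(opid), "dn": dn.group(1) if dn else "", "controls": []}
                last_bind[pid] = key
            elif key in pending:
                bind, err = pending.pop(key), re.search(r"\berr=(\d+)", rest)
                if err and err.group(1) != "0":  # err=49 is invalidCredentials
                    findings.append(dict(bind, err=int(err.group(1))))
    return findings
```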