OpenLDAP 2.1.25: ber_get_next on fd 16 failed errno=11 (Resource temporarily unavaila
I am receiving this error when a user, not uid=root or cn=manager, is attempting to change his or her password. It seems that when I have root modify a user's password via:

passwd <userid>

the shadowLastChange field and the password field are modified accordingly. However, when the user himself tries, the new password is requested but the actual fields in the ldap are never modified. The only thing that stands out in the log file when a user executes a change is several of the following errors:

Dec 23 10:41:45 pzt201 slapd[17903]: daemon: activity on 1 descriptors
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: activity on:
Dec 23 10:41:45 pzt201 slapd[17903]:  16r
Dec 23 10:41:45 pzt201 slapd[17903]:
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: read activity on 16
Dec 23 10:41:45 pzt201 slapd[17903]: connection_get(16)
Dec 23 10:41:45 pzt201 slapd[17903]: connection_get(16): got connid=11
Dec 23 10:41:45 pzt201 slapd[17903]: connection_read(16): checking for input on id=11
Dec 23 10:41:45 pzt201 slapd[17903]: ber_get_next on fd 16 failed errno=11 (Resource temporarily unavailable)
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: select: listen=6 active_threads=1 tvp=NULL

It seems that I get this error for fd 16, fd 17, fd 19, fd 20. I assume that fd refers to file descriptor; beyond that I am lost as to what is occurring here and why the results of the actions differ between root and the user.

I am running OpenLDAP 2.1.25 with BDB 4.2.

================== My ACLs =========================
access to dn=".*,dc=my,dc=org" attr=userPassword
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by self write
        by * auth

access to dn=".*,dc=my,dc=org" attr=shadowLastChange
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by * auth

access to dn=".*,dc=my,dc=org" attr=mail
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" read
        by self write
        by * read

access to dn=".*,ou=People,dc=my,dc=org"
        by dn="cn=manager,dc=my,dc=org" write
        by * read

access to dn=".*,dc=my,dc=org"
        by self write
        by * read

I have set up two pam files, other and passwd.

====================== passwd ==========================
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass \
                        config=/usr/local/etc/openldap/ldap.conf
auth       required     pam_deny.so
account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so \
                        config=/usr/local/etc/openldap/ldap.conf
account    required     pam_deny.so
password   sufficient   pam_ldap.so \
                        config=/usr/local/etc/openldap/ldap.conf
password   sufficient   pam_unix.so nullok use_authtok md5
password   required     pam_deny.so
session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_ldap.so \
                        config=/usr/local/etc/openldap/ldap.conf

==================== other ==============================
#%PAM-1.0
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_cracklib.so retry=3 minlen=4 \
                        dcredit=0 ucredit=0
password   sufficient   /lib/security/pam_unix.so nullok use_authtok \
                        md5 shadow
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ \
                        umask=0022
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_ldap.so

I have created the softlink between /etc/openldap and /usr/local/etc/openldap, thus the config attributes passed in passwd should do nothing that impacts behavior.

Thanks!
Eric Sammons
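
The ACLs posted above, evaluated under the rules in slapd.access(5) (first matching access directive, then first matching "by" clause, with an implicit trailing "by * none"), as an added example that is not part of the original post. It is a simplified model with assumptions: the entry uid=jdoe is constructed, who-clauses are compared as exact DNs, and rootdn bypass and the stop/continue/break controls are not modelled.

```python
import re

MANAGER = "cn=manager,dc=my,dc=org"
PROXY = "cn=proxyuser,dc=my,dc=org"
ANY_DN = r".*,dc=my,dc=org"

# The post's ACLs in file order: (dn regex, attribute or None for all, [(who, level), ...])
ACLS = [
    (ANY_DN, "userPassword", [(MANAGER, "write"), (PROXY, "write"), ("self", "write"), ("*", "auth")]),
    (ANY_DN, "shadowLastChange", [(MANAGER, "write"), (PROXY, "write"), ("*", "auth")]),
    (ANY_DN, "mail", [(MANAGER, "write"), (PROXY, "read"), ("self", "write"), ("*", "read")]),
    (r".*,ou=People,dc=my,dc=org", None, [(MANAGER, "write"), ("*", "read")]),
    (ANY_DN, None, [("self", "write"), ("*", "read")]),
]

def who_matches(who, bind_dn, target_dn):
    """True if a <who> clause applies to the bound identity (exact-DN simplification)."""
    if who == "*":
        return True
    if who == "self":
        return bind_dn.lower() == target_dn.lower()
    return who.lower() == bind_dn.lower()

def access(bind_dn, target_dn, attr):
    """Level granted to bind_dn on target_dn's attr under first-match evaluation."""
    for dn_re, acl_attr, by_clauses in ACLS:
        if not re.search(dn_re, target_dn, re.IGNORECASE):
            continue
        if acl_attr is not None and acl_attr.lower() != attr.lower():
            continue
        # The first directive whose <what> matches is the only one consulted.
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"  # no directive matched at all

def report(bind_dn, target_dn, attrs):
    """Map each attribute to the level bind_dn is granted on target_dn."""
    return {a: access(bind_dn, target_dn, a) for a in attrs}

if __name__ == "__main__":
    user = "uid=jdoe,ou=People,dc=my,dc=org"  # constructed sample entry
    for who in (user, MANAGER):
        print(who, report(who, user, ["userPassword", "shadowLastChange", "mail", "cn"]))
```

A modify operation needs write on every attribute it touches, so the per-attribute levels in the report are what to compare against the attributes a password change updates.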