
OpenLDAP 2.1.25: ber_get_next on fd 16 failed errno=11 (Resource temporarily unavaila




I am receiving this error when a user, not uid=root or cn=manager, is attempting to change his or her password.  It seems that when I have root modify a user's password via:

passwd <userid>

The shadowLastChange field and the password field are modified accordingly.  However, when the user himself tries, the new password is requested but the actual fields in LDAP are never modified.  The only thing that stands out in the log file when a user executes a change is several of the following errors:

Dec 23 10:41:45 pzt201 slapd[17903]: daemon: activity on 1 descriptors
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: activity on:
Dec 23 10:41:45 pzt201 slapd[17903]:  16r
Dec 23 10:41:45 pzt201 slapd[17903]:  
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: read activity on 16
Dec 23 10:41:45 pzt201 slapd[17903]: connection_get(16)
Dec 23 10:41:45 pzt201 slapd[17903]: connection_get(16): got connid=11
Dec 23 10:41:45 pzt201 slapd[17903]: connection_read(16): checking for input on id=11
Dec 23 10:41:45 pzt201 slapd[17903]: ber_get_next on fd 16 failed errno=11 (Resource temporarily unavailable)
Dec 23 10:41:45 pzt201 slapd[17903]: daemon: select: listen=6 active_threads=1 tvp=NULL


It seems that I get this error for fd 16, fd 17, fd 19, fd 20.  I assume that fd refers to file descriptor; beyond that I am lost as to what is occurring here and why the results of the actions differ between root and the user.


I am running OpenLDAP 2.1.25 with BDB 4.2.

==================  My ACLs =========================
access to dn=".*,dc=my,dc=org" attr=userPassword
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by self write
        by * auth

access to dn=".*,dc=my,dc=org" attr=shadowLastChange
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by * auth

access to dn=".*,dc=my,dc=org" attr=mail
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" read
        by self write
        by * read

access to dn=".*,ou=People,dc=my,dc=org"
        by dn="cn=manager,dc=my,dc=org" write
        by * read

access to dn=".*,dc=my,dc=org"
        by self write
        by * read


I have set up two pam files, other and passwd.

======================  passwd ==========================
#%PAM-1.0
auth    required        pam_env.so
auth    sufficient      pam_unix.so likeauth nullok
auth    sufficient      pam_ldap.so use_first_pass \
config=/usr/local/etc/openldap/ldap.conf
auth    required        pam_deny.so
account sufficient      pam_unix.so
account sufficient      pam_ldap.so \
config=/usr/local/etc/openldap/ldap.conf
account required        pam_deny.so
password        sufficient      pam_ldap.so \
config=/usr/local/etc/openldap/ldap.conf
password        sufficient      pam_unix.so nullok use_authtok md5
password        required        pam_deny.so
session         required        pam_limits.so
session         required        pam_unix.so
session         optional        pam_ldap.so \
config=/usr/local/etc/openldap/ldap.conf

==================== other ==============================

#%PAM-1.0M-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 minlen=4 \
dcredit=0 ucredit=0
password    sufficient    /lib/security/pam_unix.so nullok use_authtok \
md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ \
umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so


I have created the softlink between /etc/openldap and /usr/local/etc/openldap, thus the config attributes passed in passwd should do nothing that impacts behavior.

Thanks!
Eric Sammons
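
The following is an added example, not part of the original post: a small Python evaluator that reports the access level a given bind DN receives on one attribute under the ACLs quoted above, using slapd's first-match order (first matching `access to` rule, then first matching `by` clause). Assumptions: the `mail` rule is left out for brevity, DN patterns are treated as fully anchored regular expressions, and the user DN in the demo is constructed.

```python
import re
# ACLs copied from the post (slapd.conf, OpenLDAP 2.1 syntax); mail rule omitted.
ACL_TEXT = '''
access to dn=".*,dc=my,dc=org" attr=userPassword
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by self write
        by * auth
access to dn=".*,dc=my,dc=org" attr=shadowLastChange
        by dn="cn=manager,dc=my,dc=org" write
        by dn="cn=proxyuser,dc=my,dc=org" write
        by * auth
access to dn=".*,ou=People,dc=my,dc=org"
        by dn="cn=manager,dc=my,dc=org" write
        by * read
access to dn=".*,dc=my,dc=org"
        by self write
        by * read
'''

def parse_acls(text):
    """Return [(target_dn_regex, attr_or_None, [(who, level), ...]), ...]."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            dn = re.search(r'dn="([^"]*)"', line).group(1)
            attr = re.search(r'attr=(\S+)', line)
            rules.append((dn, attr.group(1) if attr else None, []))
        elif words[:1] == ["by"] and rules:
            rules[-1][2].append((words[1], words[2]))
    return rules

def effective_access(rules, bind_dn, target_dn, attr):
    """First matching 'access to' rule decides; within it, the first matching 'by'."""
    for dn_re, rule_attr, clauses in rules:
        if not re.fullmatch(dn_re, target_dn, re.I):
            continue
        if rule_attr is not None and rule_attr.lower() != attr.lower():
            continue
        for who, level in clauses:
            m = re.fullmatch(r'dn="([^"]*)"', who)
            if (who == "*" or (who == "self" and bind_dn.lower() == target_dn.lower())
                    or (m and re.fullmatch(m.group(1), bind_dn, re.I))):
                return level
        return "none"  # every rule ends with an implicit "by * none"
    return "none"      # no rule matched the target at all

if __name__ == "__main__":
    user = "uid=jdoe,ou=People,dc=my,dc=org"  # constructed sample DN
    for a in ("userPassword", "shadowLastChange"):
        print(a, "->", effective_access(parse_acls(ACL_TEXT), user, user, a))
```

Run against these rules, a user bound as their own entry gets `write` on `userPassword` but only `auth` on `shadowLastChange`, and the final `by self write` rule is never reached for entries under `ou=People` because the preceding rule matches first.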