
Re: Unrecognized Control: 1.3.6.1.4.1.42.2.27.8.5.1



Rob Becker wrote:
Hi List,

Please help! I'm starting to get VERY frustrated with this.


I am having troubles with an OpenLDAP 2.3.22 system. I am "upgrading" from OpenLDAP 2.2.6.

The slapd server is complaining about unrecognized control:
1.3.6.1.4.1.42.2.27.8.5.1.

That's just a warning message; it has no effect, since the control is not marked critical. In the log you attached below, the only actual error is an incorrect password in the Bind attempt (err=49).


  After doing some research and posting to some
unrelated mailing lists, I have found out that this has to do with the
Password Policy module and requires configuration in slapd.conf.  I
noticed that the default slapd.conf file I was using included the
ppolicy.schema, but no modules were loaded.  Since I was unsure of the use
of ppolicy.schema, I commented it out of slapd.conf.  This changed
nothing.

Why would one version throw this error and the other version not?

Current slapd.conf file:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/openldap.schema
#include                /usr/local/etc/openldap/schema/ppolicy.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by anonymous auth
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

#######################################################################
# BDB database definitions
#######################################################################
allow bind_v2 bind_anon_dn
database bdb
suffix          "dc=motogroup,dc=com"
rootdn          "cn=Administrator,dc=motogroup,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {MD5}JZ6/Ojy0YGqXdnEnhLHgqw==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres

Old slapd.conf file (working):

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
#include        /etc/openldap/schema/rfc2307bis.schema
include     /etc/openldap/schema/nis.schema
#include     /etc/openldap/schema/samba3.schema
include     /etc/openldap/schema/yast.schema
include     /etc/openldap/schema/sudo.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath  /usr/lib/openldap/modules
# moduleload    back_ldap.la
# moduleload    back_meta.la
# moduleload    back_monitor.la
# moduleload    back_perl.la

access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attr=userPassword,userPKCS12
        by self write
        by * auth
access to attr=shadowLastChange
        by self write
        by * read

access to *
        by * read

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem

allow bind_v2 bind_anon_dn
database bdb
suffix "dc=motogroup,dc=com"
rootdn "cn=Administrator,dc=motogroup,dc=com"
rootpw "{crypt}DA5U3tdjldJ0M"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
loglevel 256
replogfile /var/lib/ldap/replog
replica uri=ldap://linuxadm03:389
    binddn="cn=Administrator, dc=motogroup, dc=com"
    bindmethod=simple credentials="admin10nt"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres



Error messages:

Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 fd=20 ACCEPT from
IP=10.101.25.2:33144 (IP=0.0.0.0:389)
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=0 BIND dn="" method=128
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=0 RESULT tag=97 err=0
text=
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=1 SRCH
base="dc=motogroup,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=testu))"
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=2 BIND
dn="uid=testu,ou=people,dc=motogroup,dc=com" method=128
Jun  1 08:05:30 linuxadm03 slapd[8939]: slap_global_control: unrecognized
control: 1.3.6.1.4.1.42.2.27.8.5.1
Jun  1 08:05:30 linuxadm03 slapd[8939]: conn=475 op=2 RESULT tag=97 err=49
text=

Account Info:
# testu, people, motogroup.com
dn: uid=testu,ou=people,dc=motogroup,dc=com
givenName: Test
sn: User
cn: Test User
mail: test.user@motoristsgroup.com
uid: testu
uidNumber: 2001
gidNumber: 3000
homeDirectory: /home/testu
loginShell: /bin/bash
shadowInactive: -1
shadowMax: 99999
shadowLastChange: 13047
shadowWarning: 7
shadowMin: -1
shadowExpire: -1
shadowFlag: 0
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top




--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/