
Re: tag=97 error in openLDAP



Thank you very much for your clarifying message. I have found it very
helpful, but the problem actually turned out not to be the password,
but the problem actually turned out to be the loginShell.

44 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P. ThatGuy
givenName: Timothy P.
sn: ThatGuy
mail: bluethundr@example.com
mailRoutingAddress: bluethundr@mail.example.com
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}secret
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P. ThatGuy
loginShell: /usr/local/bin/bash

The LDAP server is FreeBSD but the clients are CentOS.

The problem turned out to be that the PADL migration script had
generated the user LDIF from /etc/passwd and produced the loginShell
attribute with a BSD path to bash (i.e. /usr/local/bin/bash), when the
clients, which are all CentOS, needed the Red Hat path to bash (i.e.
/bin/bash).

I have also added an index for uid to my slapd.conf as per your suggestion.

Best regards and thank you again for your assistance!




On Sun, Oct 31, 2010 at 8:26 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> --On Saturday, October 30, 2010 8:51 AM -0400 Tim Dunphy
> <bluethundr@gmail.com> wrote:
>
>> Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
>> tag=97
>
> Tags are not error messages; they are for informational purposes.
>
> Error messages are prefixed with "err=", in this case, your log clearly
> shows the wrong password was used, or the binddn is wrong, or both.
>
> Thus the LDAP server returns "ERROR 49" very clearly in your log for
> connection 1002.
>
> You likely should also create an equality index on uid, since apparently
> your DNs are uid based.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
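
Added example, not part of the original thread: a small Python parser that pairs each slapd `BIND` line with the `RESULT` line on the same `conn`/`op` and reports failed binds by their `err=` code, treating `tag=` only as the response type (97 is BindResponse, 101 is SearchResultDone in RFC 4511). The first four sample lines are the log quoted above; the last two lines and all function names are constructed for illustration.

```python
import re

# BER application tags slapd logs for response PDUs (RFC 4511).
TAGS = {97: "BindResponse", 101: "SearchResultDone"}
# Subset of LDAP result codes (RFC 4511).
ERRS = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

CONN_OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"RESULT tag=(\d+) err=(\d+)")

# First four lines are from the log quoted in the thread; the last two
# are constructed here to show a successful bind for contrast.
SAMPLE = [
    'Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND '
    'dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=',
    'Oct 29 22:50:02 LBSD2 slapd[1085]: conn=1003 op=0 BIND dn="uid=alice,dc=example,dc=com" method=128',
    'Oct 29 22:50:02 LBSD2 slapd[1085]: conn=1003 op=0 RESULT tag=97 err=0 text=',
]

def failed_binds(lines):
    """Pair each BIND with the RESULT on the same conn/op; return failures."""
    pending, failures = {}, []
    for line in lines:
        m = CONN_OP.search(line)
        if not m:
            continue  # e.g. the "not indexed" notice has no conn/op
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        bind = BIND.match(rest)
        if bind:
            pending[key] = bind.group(1)  # remember the DN until its RESULT
            continue
        res = RESULT.search(rest)
        if res and key in pending:
            dn, tag, err = pending.pop(key), int(res.group(1)), int(res.group(2))
            if err != 0:  # the verdict is err=, never tag=
                failures.append({"conn": key[0], "op": key[1], "dn": dn,
                                 "tag": TAGS.get(tag, str(tag)),
                                 "err": ERRS.get(err, str(err))})
    return failures

if __name__ == "__main__":
    for f in failed_binds(SAMPLE):
        print(f)
```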