Re: tag=97 error in openLDAP
- To: openldap-technical@openldap.org
- Subject: Re: tag=97 error in openLDAP
- From: Tim Dunphy <bluethundr@gmail.com>
- Date: Mon, 1 Nov 2010 23:06:38 -0400
- In-reply-to: <76F176B03051DC1222F1EB17@192.168.1.17>
- References: <AANLkTimA1iwDCA5gbMOO=6J3-wHnaGd5LCcsNMQT9e7K@mail.gmail.com> <76F176B03051DC1222F1EB17@192.168.1.17>
Thank you very much for your clarifying message. I have found it very
helpful, but the problem actually turned out not to be the password,
but the problem actually turned out to be the loginShell.
44 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P. ThatGuy
givenName: Timothy P.
sn: ThatGuy
mail: bluethundr@example.com
mailRoutingAddress: bluethundr@mail.example.com
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}secret
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P. ThatGuy
loginShell: /usr/local/bin/bash
The LDAP server is FreeBSD but the clients are CentOS.
The problem turned out to be that the PADL migration script had
generated the user ldif from /etc/passwd and produced the loginShell
attribute with a BSD path to bash (i.e. /usr/local/bin/bash), when the
clients, which are all CentOS, needed the Red Hat path to bash (i.e.
/bin/bash).
I have also added an index for uid to my slapd.conf as per your suggestion.
Best regards and thank you again for your assistance!
On Sun, Oct 31, 2010 at 8:26 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> --On Saturday, October 30, 2010 8:51 AM -0400 Tim Dunphy
> <bluethundr@gmail.com> wrote:
>
>> Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not
>> indexed Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND
>> dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com"
>> method=128
>> Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49
>> text=
>> tag=97
>
> Tags are not error messages; they are for information purposes.
>
> Error messages are prefixed with "err=", in this case, your log clearly
> shows the wrong password was used, or the binddn is wrong, or both.
>
> Thus the LDAP server returns "ERROR 49" very clearly in your log for
> connection 1002.
>
> You likely should also create an equality index on uid, since apparently
> your DNs are uid based.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
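
An added example, not part of the original thread or of OpenLDAP itself: a small Python parser for the slapd log lines quoted above. It pairs each BIND with its RESULT by conn/op, reads the outcome from err= rather than tag=, and collects attributes logged as not indexed. The sample lines are the quoted ones unwrapped to one event per line; the function name and the tag/result-code tables (a subset of RFC 4511) are this example's own.

```python
import re

# Constructed sample: the slapd lines quoted in this thread, one event per line.
SAMPLE_LOG = """\
Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
"""

# RFC 4511 response tags and result codes (subset, enough for this log).
TAGS = {97: "BindResponse", 101: "SearchResultDone"}
ERRS = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
        50: "insufficientAccessRights"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
NOINDEX_RE = re.compile(r'_candidates: \(([^)]+)\) not indexed')


def analyze(log_text):
    """Return (failed_binds, unindexed_attrs) for slapd stats-level log text."""
    binds, failed, unindexed = {}, [], set()
    for line in log_text.splitlines():
        if m := NOINDEX_RE.search(line):
            unindexed.add(m.group(1))
        elif m := BIND_RE.search(line):
            # Remember which DN this conn/op tried to bind as.
            binds[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT_RE.search(line):
            conn, op = m.group(1), m.group(2)
            tag, err = int(m.group(3)), int(m.group(4))
            # tag only names the response type; err carries the outcome.
            if tag == 97 and err != 0:
                failed.append({
                    "conn": int(conn), "dn": binds.get((conn, op), "<unknown>"),
                    "tag": TAGS[tag], "err": err,
                    "err_name": ERRS.get(err, "other"),
                })
    return failed, sorted(unindexed)


if __name__ == "__main__":
    failed, unindexed = analyze(SAMPLE_LOG)
    for f in failed:
        print(f"conn={f['conn']} {f['tag']} err={f['err']} ({f['err_name']}) dn={f['dn']}")
    print("attributes searched without an index:", unindexed)
```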