
Re: Openldap 2.4.x log details for error 49



On Wed, 11 Sep 2019 12:08:36 +0000,
François Pernet <Francois.Pernet@idsa.ch> wrote:

> Hi all,
> 
> We have a solution running in which OpenLDAP is the identity
> repository. OpenLDAP 2.4 is installed (on CentOS) also with policy.
> The system is able to send traps when an authentication problem occurs,
> based on the slapd generated logs.
> 
> Unfortunately the log contains an error such as: "Jun  5 11:27:16 vms
> slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the
> password entered generates an "invalid credentials" message. This
> is fine, but the error could mean the following:
> 
>   *   Wrong user or password
>   *   Expired account
>   *   Account locked or disabled
>   *   User must change their password
> 
> The question is: is it possible to find a way to have the details for
> error 49? (This error message is far too generic.)

No, it is not possible to split ldap-result-code, but you may consider
a password policy, which provides some information on the result of a
slapo-ppolicy(5) operation.  

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
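
Added example, not part of the original thread: a Python sketch that pairs each slapd `BIND` line with its `RESULT ... err=49` line to recover the bind DN, then estimates the cause from the slapo-ppolicy(5) state attributes `pwdAccountLockedTime` and `pwdChangedTime`. The sample log lines, the DNs, the function names and the idea of an administrator reading those attributes separately are assumptions; grace logins are not modelled.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of slapd "stats" log lines (not taken from the thread).
SAMPLE_LOG = """\
Jun  5 11:27:16 vms slapd[32101]: conn=1174 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jun  5 11:27:16 vms slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=
Jun  5 11:27:20 vms slapd[32101]: conn=1175 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Jun  5 11:27:20 vms slapd[32101]: conn=1175 op=0 RESULT tag=97 err=0 text=
"""

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def failed_binds(log_text):
    """Return the bind DNs whose bind RESULT (tag=97) carried err=49."""
    pending, failed = {}, []
    for line in log_text.splitlines():
        if m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]          # remember DN per (conn, op)
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if m[3] == "49" and dn is not None:
                failed.append(dn)
    return failed

def _ts(value):
    # Generalized time without fractional seconds, e.g. 20190911115500Z (assumed).
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def likely_cause(attrs, now, max_age=0, lockout_duration=0):
    """Estimate why a bind failed from ppolicy operational attributes.
    attrs: values an administrator read from the user's entry (hypothetical input);
    max_age / lockout_duration: pwdMaxAge / pwdLockoutDuration in seconds, 0 = unset."""
    locked = attrs.get("pwdAccountLockedTime")
    if locked:
        # 000001010000Z, or no lockout duration, means locked until an admin resets it.
        permanent = locked == "000001010000Z" or lockout_duration == 0
        if permanent or now < _ts(locked) + timedelta(seconds=lockout_duration):
            return "account locked"
    changed = attrs.get("pwdChangedTime")
    if max_age and changed and now > _ts(changed) + timedelta(seconds=max_age):
        return "password expired"
    return "wrong user or password"
```
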