[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Openldap 2.4.x log details for error 49
Am Wed, 11 Sep 2019 12:08:36 +0000
schrieb François Pernet <Francois.Pernet@idsa.ch>:
> Hi all,
>
> We have a solution running on which openldap is the identity
> repository. OpenLDAP 2.4 is installed (on CentOS) also with policy.
> The system is able to send traps when authentication problem occurs,
> based on the slapd generated logs.
>
> Unfortunatly the log contains such error: "Jun 5 11:27:16 vms
> slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the
> password entered generates an "invalid crendentials" message. This
> is fine, but the error could mean the following:
>
> * Wrong user or password
> * Expired account
> * Account locked or disabled
> * User must change its password
>
> Question is : is it possible to find a way to have the details for
> error 49 ? (this error message is far too generic)
No, it is not possible to split ldap-result-code, but you may consider
a password policy, which provides some information on the result of a
slapo-ppolicy(5) operation.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E