LinuxQuestions.org


mahao 03-07-2011 12:50 AM

Openldap Authentication error 'send_ldap_result: err=49 matched="" text=""'
 
All our applications are configured to use OpenLDAP as the user info repository.

Recently, one user, "jirasupport", ran into a weird problem.

He couldn't log in to one application but could log in to another application.

We don't know what's wrong.

So we enabled the debug log of OpenLDAP.

And tried to log in from those two different applications.

The successful login log is
: do_bind
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
send_ldap_result: conn=8 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
conn=8 op=0 RESULT tag=97 err=0 text=



The failed login log is this:
:do_bind
daemon: activity on 1 descriptor
daemon: activity on:
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128

==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
daemon: epoll: listen=7 active_threads=0 tvp=NULL
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested
daemon: epoll: listen=8 active_threads=0 tvp=NULL
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
send_ldap_result: conn=7 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
conn=7 op=0 RESULT tag=97 err=49 text=
daemon: activity on 1 descriptor
daemon: activity on:
20r

daemon: read active on 20
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(20)
connection_get(20): got connid=7
connection_read(20): checking for input on id=7
ber_get_next on fd 20 failed errno=0 (Success)
connection_read(20): input error=-2 id=7, closing.
connection_closing: readying conn=7 sd=20 for close
connection_close: conn=7 sd=-1
daemon: removing 20
conn=7 fd=20 closed (connection lost)



We compared them and found this difference:

conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to "cn=jirasupport,ou=People,ou=eejira,o=nsn"


This line is not present in the failed log.

And we don't know why the same user logging in to a different application would bring this error.

Please, if anybody knows about this, help us.

Thanks a lot.

mahao 03-07-2011 12:56 AM

And this is the record at loglevel 256.

failed log:

Mar 7 08:54:07 esjirt68 slapd[14332]: conn=0 op=97136 SRCH base="ou=People,ou=eejira,o=nsn" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(cn=jirasupport))"
Mar 7 08:54:07 esjirt68 slapd[14332]: conn=0 op=97136 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 7 08:54:07 esjirt68 slapd[14332]: conn=28 fd=21 ACCEPT from IP=127.0.0.1:33776 (IP=0.0.0.0:389)
Mar 7 08:54:07 esjirt68 slapd[14332]: conn=28 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
Mar 7 08:54:07 esjirt68 slapd[14332]: conn=28 op=0 RESULT tag=97 err=49 text=
Mar 7 08:54:07 esjirt68 slapd[14332]: conn=28 fd=21 closed (connection lost)


successful log:

Mar 7 08:55:58 esjirt68 slapd[14332]: conn=0 op=97137 SRCH base="ou=People,ou=eejira,o=nsn" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(cn=jirasupport))"
Mar 7 08:55:58 esjirt68 slapd[14332]: conn=0 op=97137 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 7 08:55:58 esjirt68 slapd[14332]: conn=29 fd=21 ACCEPT from IP=127.0.0.1:33789 (IP=0.0.0.0:389)
Mar 7 08:55:58 esjirt68 slapd[14332]: conn=29 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
Mar 7 08:55:58 esjirt68 slapd[14332]: conn=29 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
Mar 7 08:55:58 esjirt68 slapd[14332]: conn=29 op=0 RESULT tag=97 err=0 text=
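
Added example, not part of the original posts: a small parser for loglevel 256 output that pairs each BIND request with its RESULT and the client address from the ACCEPT line, so failed binds (LDAP result code 49, invalidCredentials) can be listed per DN and source. The function names are hypothetical, and the sample lines are constructed from the format shown above with a placeholder host name and PID.

```python
import re

# Constructed sample in slapd loglevel 256 format, modelled on the lines in the post.
SAMPLE = """\
Mar 7 08:54:07 host slapd[1]: conn=28 fd=21 ACCEPT from IP=127.0.0.1:33776 (IP=0.0.0.0:389)
Mar 7 08:54:07 host slapd[1]: conn=28 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
Mar 7 08:54:07 host slapd[1]: conn=28 op=0 RESULT tag=97 err=49 text=
Mar 7 08:55:58 host slapd[1]: conn=29 fd=21 ACCEPT from IP=127.0.0.1:33789 (IP=0.0.0.0:389)
Mar 7 08:55:58 host slapd[1]: conn=29 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
Mar 7 08:55:58 host slapd[1]: conn=29 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
Mar 7 08:55:58 host slapd[1]: conn=29 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+)')
BIND_REQ = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
BIND_OK = re.compile(r'conn=(\d+) op=(\d+) BIND dn="[^"]*" mech=(\S+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response


def bind_outcomes(log_text):
    """Return one record per bind operation, in log order."""
    peers, ops = {}, {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)          # conn id -> client address
        elif m := BIND_REQ.search(line):
            conn, op, dn = m.groups()
            # Lowercasing the DN is a simplification so requests group together.
            ops[(conn, op)] = {"conn": int(conn), "peer": peers.get(conn),
                               "dn": dn.lower(), "mech": None, "err": None}
        elif (m := BIND_OK.search(line)) and m.groups()[:2] in ops:
            # In the logs above this line appears only on the successful bind.
            ops[m.groups()[:2]]["mech"] = m.group(3)
        elif (m := RESULT.search(line)) and m.groups()[:2] in ops:
            ops[m.groups()[:2]]["err"] = int(m.group(3))
    return list(ops.values())


def failed_binds(log_text):
    """Bind operations rejected with err=49 (invalidCredentials)."""
    return [o for o in bind_outcomes(log_text) if o["err"] == 49]


if __name__ == "__main__":
    for rec in failed_binds(SAMPLE):
        print(rec["peer"], rec["dn"], "err=49")
```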

