10-29-2010, 09:54 PM   #1
bluethundr
Member
Registered: Jun 2003
Location: Summit, NJ
Distribution: CentOS 5.4
Posts: 122

tag=97 error in openLDAP

Hello,

I recently had a friend work on our openldap server. He made some
changes to the configs without backing them up, and now users are unable
to authenticate against this openldap 2.4 server where previously they
could.

When a user ssh's to any machine on the network that is configured to
listen to this ldap server, this error now appears in the LDAP logs:

Code:
Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=5 BIND dn="" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=5 RESULT tag=97 err=0 text=

It looks like it's failing to bind:

conn=1003 op=3 BIND dn="" method=128

and I think this error may be key, but I am unsure of its meaning:

tag=97

My ldap.conf reads as follows:

Code:
host ldap.summitnjhome.com
base dc=summitnjhome,dc=com
scope sub
pam_password exop
nss_base_passwd ou=staff,dc=summitnjhome,dc=com
nss_base_shadow ou=staff,dc=summitnjhome,dc=com
sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com

And why would the uid not be indexed?

And this is the user ID in LDAP:
Code:
[root@LBSD2:/home/bluethundr/txt/ldif]#cat bluethundr.ldif
dn: uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P. 
givenName: Timothy P.
sn: 
mail: bluethundr@blah.com
mailRoutingAddress: bluethundr@mail.blah.com
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}secret
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P.

And these are my ACLs in slapd.conf:

Code:
access to *
            by read

access to attrs=userPassword by self write
                             by anonymous auth
access to * by self write
            by dn.children="ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" write
            by users read
            by anonymous auth

access to * by self write

I would certainly appreciate any help to get this working again!

Thank you.

Last edited by bluethundr; 10-30-2010 at 07:49 AM. Reason: added slapd.conf ACLs
 
10-30-2010, 03:45 PM   #2
acid_kewpie
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

No idea what the tag attribute means offhand; never affected by reading of my own logs, to be honest. You do have err=49 there, which principally means invalid credentials, but can also mean an expired password if I remember correctly. I don't think this covers other errors of a similar nature, such as missing password attributes to validate against. So essentially, it does look like an account-specific thing, not schema-related etc., but possibly en masse.
 
1 members found this post helpful.
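The two numbers the thread is puzzling over are protocol constants: on a slapd RESULT line, `tag=` is the BER tag of the LDAP response being sent (97 = 0x61 = [APPLICATION 1] = BindResponse, 101 = SearchResultDone) and `err=` is the LDAP resultCode (49 = invalidCredentials, 0 = success), while `method=128` on a BIND line is a simple bind. The script below is an added example written for this thread, not code from OpenLDAP or from either poster. It parses slapd connection-log lines, correlates each BIND with its RESULT by (conn, op), decodes the tag and error into their RFC 4511 names, and emits two defender-side hints: that a succeeding anonymous bind next to a failing user bind points at the entry's credentials or ACL rather than at reachability, and that the "(uid) not indexed" line calls for an `index uid eq` directive followed by slapindex. The sample log is the one quoted in the first post, re-joined onto single lines; the tag/resultCode tables cover only the values relevant to authentication troubleshooting.

```python
"""Decode slapd connection-log lines: what tag=NN / err=NN on a RESULT line
mean, which BINDs failed, and which attributes are unindexed. Added example
for this thread (not OpenLDAP code); names follow RFC 4511."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# slapd logs the BER tag of the protocol op it answered. LDAP responses are
# [APPLICATION n] constructed tags, i.e. 0x60 | n: BindResponse is
# [APPLICATION 1] = 0x61 = 97, SearchResultDone is [APPLICATION 5] = 0x65 = 101.
LDAP_RESULT_TAGS = {
    97: "BindResponse", 101: "SearchResultDone", 103: "ModifyResponse",
    105: "AddResponse", 107: "DelResponse", 109: "ModifyDNResponse",
    111: "CompareResponse", 120: "ExtendedResponse",
}
# resultCode values (RFC 4511 Appendix A) that matter when authentication breaks.
LDAP_RESULT_CODES = {
    0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
    48: "inappropriateAuthentication", 49: "invalidCredentials",
    50: "insufficientAccessRights", 53: "unwillingToPerform",
}
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
NOT_INDEXED_RE = re.compile(r'\((\w+)\) not indexed')


def decode_result(tag: int, err: int) -> Tuple[str, str]:
    """Map raw tag/err numbers to their protocol names."""
    return (LDAP_RESULT_TAGS.get(tag, f"unknownTag({tag})"),
            LDAP_RESULT_CODES.get(err, f"resultCode({err})"))


@dataclass
class Bind:
    conn: int
    op: int
    dn: str                      # "" is an anonymous bind
    method: int                  # 128 (0x80) = simple, 163 (0xA3) = SASL
    tag: Optional[int] = None    # filled in from the matching RESULT line
    err: Optional[int] = None

    @property
    def anonymous(self) -> bool:
        return self.dn == ""

    def describe(self) -> str:
        who = "anonymous" if self.anonymous else self.dn
        how = "simple" if self.method == 128 else f"method={self.method}"
        if self.err is None:
            return f"conn={self.conn} op={self.op}: {how} BIND as {who}: no RESULT logged"
        tag_name, err_name = decode_result(self.tag, self.err)
        return f"conn={self.conn} op={self.op}: {how} BIND as {who} -> {tag_name} err={self.err} ({err_name})"


def parse_slapd_log(lines: List[str]) -> Tuple[List[Bind], List[str]]:
    """Correlate BIND and RESULT lines by (conn, op); collect unindexed attributes."""
    binds: Dict[Tuple[int, int], Bind] = {}
    unindexed = set()
    for line in lines:
        if m := BIND_RE.search(line):
            conn, op, dn, method = m.groups()
            binds[(int(conn), int(op))] = Bind(int(conn), int(op), dn, int(method))
        elif m := RESULT_RE.search(line):
            conn, op, tag, err = (int(g) for g in m.groups())
            if (conn, op) in binds:       # keep only RESULTs that answer a BIND
                binds[(conn, op)].tag, binds[(conn, op)].err = tag, err
        elif m := NOT_INDEXED_RE.search(line):
            unindexed.add(m.group(1))
    return list(binds.values()), sorted(unindexed)


def triage(lines: List[str]) -> List[str]:
    """Plain-language findings from the log: per-bind outcome plus two hints."""
    binds, unindexed = parse_slapd_log(lines)
    notes = [b.describe() for b in binds]
    user_failed = any(b.err not in (None, 0) and not b.anonymous for b in binds)
    anon_ok = any(b.anonymous and b.err == 0 for b in binds)
    if user_failed and anon_ok:
        notes.append("anonymous bind succeeds while the user bind fails: the server is "
                     "reachable and allows anonymous binds, so check that entry's "
                     "userPassword value and the ACL granting 'by anonymous auth' on it")
    for attr in unindexed:
        notes.append(f"equality search on {attr} is unindexed (full scan); add "
                     f"'index {attr} eq' to slapd.conf and run slapindex")
    return notes


# Log lines quoted in the first post, re-joined where the forum wrapped them.
SAMPLE_LOG = [
    'Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND '
    'dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=5 BIND dn="" method=128',
    'Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=5 RESULT tag=97 err=0 text=',
]

if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

Run against the quoted lines, `triage()` reports the user's simple bind as `BindResponse err=49 (invalidCredentials)`, the following anonymous bind as `err=0 (success)`, and the two hints. The SEARCH RESULT for conn=1001 is deliberately ignored, since it answers a search rather than a bind; a `tag=101` line never carries authentication information, which is why only the `tag=97` lines matter for this thread's question.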