LQ Newbie
Registered: Dec 2010
Posts: 8
Rep:
|
Openldap Authentication error 'send_ldap_result: err=49 matched="" text=""'
Our all applications are configured to use OpenLdap as user info repository.
Recently, one user "jirasupport" met some weird problem.
He couldn't login to one application but could login to another applications.
We dont know whats wrong.
So we open debug log of OpenLDAP.
And try to login from those two different application.
The login successfully log is
: do_bind
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
send_ldap_result: conn=8 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
conn=8 op=0 RESULT tag=97 err=0 text=
The login failed log is this:
:do_bind
daemon: activity on 1 descriptor
daemon: activity on:
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
daemon: epoll: listen=7 active_threads=0 tvp=NULL
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested
daemon: epoll: listen=8 active_threads=0 tvp=NULL
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
send_ldap_result: conn=7 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
conn=7 op=0 RESULT tag=97 err=49 text=
daemon: activity on 1 descriptor
daemon: activity on:
20r
daemon: read active on 20
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(20)
connection_get(20): got connid=7
connection_read(20): checking for input on id=7
ber_get_next on fd 20 failed errno=0 (Success)
connection_read(20): input error=-2 id=7, closing.
connection_closing: readying conn=7 sd=20 for close
connection_close: conn=7 sd=-1
daemon: removing 20
conn=7 fd=20 closed (connection lost)
We compare their difference and found:
conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
This line not present in failed log.
And we dont know why same user login different application would bring this error.
Please any body know about this, help us.
Thanks a lot.
|