(ITS#6854) When login from one application, "error=49" error show up, but other application's login are all right.
Full_Name: hao ma Version: 2.3.43 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (124.161.106.50)
We have configured Openldap as our user info repository for all our applications.(include Atlassian JIRA,Confluence,Fisheye,Crowd).
Then we met an very strange user.
This user can logged in confluence successfully, but when could not log in fisheye. And in a little chance, he could log in fisheye correctly.
Firstly , we try to find problem from these applications.
And all clue point to Openldap server.
So we configure Openldap Loglever as -1.
And we recorded two different log of logging in confluence and logging in fisheye.
Log of confluence logging: daemon: activity on 1 descriptor daemon: activity on: 17r
daemon: read active on 17 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(17) connection_get(17): got connid=5 connection_read(17): checking for input on id=5 do_search daemon: activity on 1 descriptor
dnPrettyNormal: <ou=eejira,o=nsn>
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL <<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn> SRCH "ou=eejira,o=nsn" 2 3 0 0 0 begin get_filter daemon: epoll: listen=8 active_threads=0 tvp=NULL AND begin get_filter_list begin get_filter EQUALITY end get_filter 0 begin get_filter EQUALITY end get_filter 0 end get_filter_list end get_filter 0 filter: (&(objectClass=person)(uid=jirasupport)) => get_ctrls => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical) <= get_ctrls: n=1 rc=0 err="" attrs:
conn=5 op=8052 SRCH base="ou=eejira,o=nsn" scope=2 deref=3 filter="(&(objectClass=person)(uid=jirasupport))" slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2 => bdb_search bdb_dn2entry("ou=eejira,o=nsn") search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [01872a84] <= bdb_index_read: failed (-30989) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_dn2idl("ou=eejira,o=nsn") => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [8c70ccf9] <= bdb_index_read 12658 candidates <= bdb_equality_candidates: id=12658, first=244, last=12912 <= bdb_filter_candidates: id=12658 first=244 last=12912 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (uid) => key_read bdb_idl_fetch_key: [66ddc068] <= bdb_index_read 1 candidates <= bdb_equality_candidates: id=1, first=3763, last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 <= bdb_list_candidates: id=1 first=3763 last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 <= bdb_list_candidates: id=1 first=3763 last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 bdb_search_candidates: id=1 first=3763 last=3763 => test_filter AND => test_filter_and => test_filter EQUALITY => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "objectClass" requested <= root access granted <= test_filter 6 => test_filter EQUALITY => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "uid" requested <= root access granted <= test_filter 6 <= test_filter_and 6 <= test_filter 6 => send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "entry" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "objectClass" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "cn" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "uid" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "mail" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "givenName" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "displayName" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "sn" requested <= root access granted conn=5 op=8052 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" <= send_search_entry: conn 5 exit. send_ldap_result: conn=5 op=8052 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=8053 tag=101 err=0 conn=5 op=8052 SEARCH RESULT tag=101 err=0 nentries=1 text= daemon: activity on 1 descriptor daemon: activity on:
slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy
slap_listener(ldap:///)
daemon: listen=8, new connection on 20 daemon: added 20r (active) listener=(nil) conn=8 fd=20 ACCEPT from IP=87.254.208.143:42569 (IP=0.0.0.0:389) daemon: activity on 2 descriptors daemon: activity on: 20r
daemon: read active on 20 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(20) connection_get(20): got connid=8 connection_read(20): checking for input on id=8 do_bind
dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn> do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 ==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn") => access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested => acl_get: [1] attr userPassword access_allowed: no res from state (userPassword) => acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: cn=manager,ou=eejira,o=nsn <= check a_dn_pat: * <= acl_mask: [2] applying read(=rscxd) (stop) <= acl_mask: [2] mask: read(=rscxd) => access_allowed: auth access granted by read(=rscxd) conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to "cn=jirasupport,ou=People,ou=eejira,o=nsn" send_ldap_result: conn=8 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0 conn=8 op=0 RESULT tag=97 err=0 text= daemon: activity on 1 descriptor daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL
Log of fisheye logging: daemon: activity on 1 descriptor daemon: activity on: 17r
daemon: read active on 17 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(17) connection_get(17): got connid=5 connection_read(17): checking for input on id=5 do_search
dnPrettyNormal: <ou=eejira,o=nsn>
<<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn> SRCH "ou=eejira,o=nsn" 2 3 0 0 0 begin get_filter AND begin get_filter_list begin get_filter EQUALITY end get_filter 0 begin get_filter EQUALITY end get_filter 0 end get_filter_list end get_filter 0 filter: (&(objectClass=person)(uid=jirasupport)) => get_ctrls => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical) <= get_ctrls: n=1 rc=0 err="" attrs:
conn=5 op=8051 SRCH base="ou=eejira,o=nsn" scope=2 deref=3 filter="(&(objectClass=person)(uid=jirasupport))" slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2 => bdb_search bdb_dn2entry("ou=eejira,o=nsn") search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [01872a84] <= bdb_index_read: failed (-30989) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_dn2idl("ou=eejira,o=nsn") => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [8c70ccf9] daemon: activity on 1 descriptor daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL <= bdb_index_read 12658 candidates <= bdb_equality_candidates: id=12658, first=244, last=12912 <= bdb_filter_candidates: id=12658 first=244 last=12912 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (uid) => key_read bdb_idl_fetch_key: [66ddc068] <= bdb_index_read 1 candidates <= bdb_equality_candidates: id=1, first=3763, last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 <= bdb_list_candidates: id=1 first=3763 last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 <= bdb_list_candidates: id=1 first=3763 last=3763 <= bdb_filter_candidates: id=1 first=3763 last=3763 bdb_search_candidates: id=1 first=3763 last=3763 entry_decode: "cn=jirasupport,ou=People,ou=eejira,o=nsn" <= entry_decode(cn=jirasupport,ou=People,ou=eejira,o=nsn) => test_filter AND => test_filter_and => test_filter EQUALITY => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "objectClass" requested <= root access granted <= test_filter 6 => test_filter EQUALITY => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "uid" requested <= root access granted <= test_filter 6 <= test_filter_and 6 <= test_filter 6 => send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "entry" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "objectClass" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "cn" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "uid" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "mail" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "givenName" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "displayName" requested <= root access granted => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "sn" requested <= root access granted conn=5 op=8051 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" <= send_search_entry: conn 5 exit. send_ldap_result: conn=5 op=8051 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=8052 tag=101 err=0 conn=5 op=8051 SEARCH RESULT tag=101 err=0 nentries=1 text= daemon: activity on 1 descriptor daemon: activity on:
slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy
slap_listener(ldap:///)
daemon: listen=8, new connection on 20 daemon: added 20r (active) listener=(nil) conn=7 fd=20 ACCEPT from IP=87.254.208.143:39622 (IP=0.0.0.0:389) daemon: activity on 1 descriptor daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 20r
daemon: read active on 20 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(20) connection_get(20): got connid=7 connection_read(20): checking for input on id=7 do_bind daemon: activity on 1 descriptor daemon: activity on:
dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>, <cn=jirasupport,ou=people,ou=eejira,o=nsn> do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn") daemon: epoll: listen=7 active_threads=0 tvp=NULL => access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn" "userPassword" requested daemon: epoll: listen=8 active_threads=0 tvp=NULL => acl_get: [1] attr userPassword access_allowed: no res from state (userPassword) => acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: cn=manager,ou=eejira,o=nsn <= check a_dn_pat: * <= acl_mask: [2] applying read(=rscxd) (stop) <= acl_mask: [2] mask: read(=rscxd) => access_allowed: auth access granted by read(=rscxd) send_ldap_result: conn=7 op=0 p=3 send_ldap_result: err=49 matched="" text="" send_ldap_response: msgid=1 tag=97 err=49 conn=7 op=0 RESULT tag=97 err=49 text= daemon: activity on 1 descriptor daemon: activity on: 20r
daemon: read active on 20 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(20) connection_get(20): got connid=7 connection_read(20): checking for input on id=7 ber_get_next on fd 20 failed errno=0 (Success) connection_read(20): input error=-2 id=7, closing. connection_closing: readying conn=7 sd=20 for close connection_close: conn=7 sd=-1 daemon: removing 20 conn=7 fd=20 closed (connection lost) daemon: activity on 1 descriptor daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL
And other users are all right for logging in all applications.
Do you have any advice for this problem?
Thanks a lot.
-
mahaoboy@gmail.com