One note I would like to add. If the password is reset for the failures, then it works fine on both ldap servers and the password file. Thanks!
-----Original Message-----
From: openldap-software-bounces+douglas=gpc.edu@openldap.org [mailto:openldap-software-bounces+douglas=gpc.edu@openldap.org] On Behalf Of Douglas B. Jones
Sent: Wednesday, November 15, 2006 11:36 AM
To: openldap-software@openldap.org
Cc: douglas@gpc.edu
Subject: password validation

I have two ldap servers:
1) on machine A, a tru64 platform with openldap-2.2.20
2) on machine B, a rhel4 platform with openldap-2.3.27
We are trying to migrate to the rhel4 machine with the more recent ldap. The problem is that sometimes the validation fails. Due to the number of failures of validation against the rhel4 machine, we set up a program that:
a) checks the encrypted password against the tru64 password file (the source) and against both ldap servers. Understand, this is comparing the encrypted password to see if they are the same.
b) tries to validate against all three locations.
The strange thing is that in a high number of instances, the encrypted password matches on all three locations, the password (via this test program) validates against the password file and the tru64 ldap, but fails to validate with err=49 (invalid credentials) against the rhel4 box. The best I can tell, it is random. Most work, but a high percentage fail. We rebuild both ldaps each night. I was building the tru64 one with ldapadd and the rhel4 with slapadd. I then switched to 'slapadd -q'. Still had the problems, although they seemed a little better, so last night I switched to ldapadd as in the rhel4 machine. I am not seeing some that are following this same pattern, validate against the password file and tru64 ldap, but fail against the rhel4 ldap.
One other note, both ldaps are built from the same ldif files. Any ideas?
Thanks for any help!
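
An added example, not part of the original post: one way to test whether the err=49 failures are random is to pair each simple BIND with its RESULT in the server log and separate DNs that always fail from DNs that sometimes succeed. It assumes slapd on the rhel4 machine logs at the stats level; the log lines, host name and DNs below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd stats-level log style (not from the post).
SAMPLE_LOG = """\
Nov 15 11:20:01 hostB slapd[2345]: conn=101 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=edu" method=128
Nov 15 11:20:01 hostB slapd[2345]: conn=101 op=0 RESULT tag=97 err=49 text=
Nov 15 11:20:02 hostB slapd[2345]: conn=102 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=edu" method=128
Nov 15 11:20:02 hostB slapd[2345]: conn=102 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=edu" mech=SIMPLE ssf=0
Nov 15 11:20:02 hostB slapd[2345]: conn=102 op=0 RESULT tag=97 err=0 text=
Nov 15 11:20:03 hostB slapd[2345]: conn=103 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=edu" method=128
Nov 15 11:20:03 hostB slapd[2345]: conn=103 op=0 RESULT tag=97 err=49 text=
Nov 15 11:21:10 hostB slapd[2345]: conn=104 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=edu" method=128
Nov 15 11:21:10 hostB slapd[2345]: conn=104 op=0 RESULT tag=97 err=49 text=
Nov 15 11:22:30 hostB slapd[2345]: conn=105 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=edu" method=128
Nov 15 11:22:30 hostB slapd[2345]: conn=105 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=edu" mech=SIMPLE ssf=0
Nov 15 11:22:30 hostB slapd[2345]: conn=105 op=0 RESULT tag=97 err=0 text=
"""

# method=128 is a simple bind request; tag=97 is the bind response.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]+)" method=128')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def bind_outcomes(log_text):
    """Return {dn: {"ok": n, "err49": n}} for non-anonymous simple binds."""
    pending = {}  # (conn, op) -> DN awaiting its RESULT line
    stats = defaultdict(lambda: {"ok": 0, "err49": 0})
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3).lower()
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is None:
                continue  # RESULT without a logged simple BIND request
            if m.group(3) == "0":
                stats[dn]["ok"] += 1
            elif m.group(3) == "49":
                stats[dn]["err49"] += 1
    return dict(stats)

def classify(stats):
    """Split failing DNs into (always failing, sometimes succeeding)."""
    always = sorted(d for d, s in stats.items() if s["err49"] and not s["ok"])
    mixed = sorted(d for d, s in stats.items() if s["err49"] and s["ok"])
    return always, mixed
```

A DN in the second list can also come from the user mistyping the password once, so the split is only meaningful when the binds come from the test program with a known password.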