On Wed, 11 Sep 2019 12:08:36 +0000, François Pernet Francois.Pernet@idsa.ch wrote:
Hi all,
We have a solution running on which OpenLDAP is the identity repository. OpenLDAP 2.4 is installed (on CentOS) also with policy. The system is able to send traps when an authentication problem occurs, based on the slapd generated logs.
Unfortunately the log contains such an error: "Jun 5 11:27:16 vms slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the password entered generates an "invalid credentials" message. This is fine, but the error could mean the following:
- Wrong user or password
- Expired account
- Account locked or disabled
- User must change its password
Question is: is it possible to find a way to have the details for error 49? (this error message is far too generic)
No, it is not possible to split ldap-result-code, but you may consider a password policy, which provides some information on the result of a slapo-ppolicy(5) operation.
-Dieter