Thank you for the explanation. I was very good, Happy new year
Ulises Gonzalez Horta
Lead Linux Engineer
C: 786 450 2970/ 240 727 6267
E: ugonzalezhorta@breezeline.com jsutherland1@breezeline.com
On Tue, Jan 7, 2025 at 10:29 AM Ondřej Kuzník ondra@mistotebe.net wrote:
On Fri, Jan 03, 2025 at 02:21:58PM -0500, Ulises Gonzalez Horta wrote:
Can you please give an explanation of the full meaning?? That way we can learn because online it refers to invalid credentials, providing the user is good, then the password is what left over See this example where I intentionally put the wrong password
Hi Ulises, all it means is that for whatever reason, the credentials (combination of user and password in your case) is not accepted by the server.
Since confirming whether a user exists to a random passer-by (=anonymous session) is generally considered a very bad idea, the server is unwilling to disclose a reason for the failure. As you found out there might be a lot of things that end up influencing the ability to bind as a user: the user might not exist, there might be no useable password in the DB, ACLs might prevent this too if they deny auth access to the user or its password, the way you replicate the DB does not match up with what you expected...
If in doubt, especially when you suspect a misconfiguration, it is up to the administrator to investigate.
There might be reasons when more information actually gets returned, it should always be something the admin explicitly configured - e.g. password expiry information through the ppolicy overlay.
Regards,
-- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP