Hi folks,
Yesterday I see a lot of
"Apr 6 16:08:20 xen-ldap01 slapd[1167]: <= bdb_equality_candidates: (objectClass) not indexed"
in my OpenLDAP provider server log. After searching in docs (http://www.openldap.org/faq/data/cache/42.html), I applied
index objectClass eq
instead of previous
#index objectClass eq
and restart the service.
The suprise has been when a few users cannot login in system through LDAP validation this morning. The errors in log (in client logs) was:
[...] Apr 9 09:11:13 hc23 sshd[44389]: pam_ldap: error trying to bind as user "uid=ivan,ou=SAT,ou=Tecnic,dc=my_company,dc=com" (Invalid credentials) Apr 9 09:11:13 hc23 sshd[44387]: error: PAM: authentication error for illegal user ivan from XXX.XXX.XXX.XXX [...]
The solution has been easy: comment the "index objectClass eq" parameter again in slapd conf file.
¿Why it happens? I wonder it. Maybe some cache-related issue...