Thank you very much for your clarifying message. I have found it very helpful, but the problem actually turned out not to be the password, but the problem actually turned out to be the loginShell.
dn: uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P. ThatGuy
givenName: Timothy P.
sn: ThatGuy
mail: bluethundr@example.com
mailRoutingAddress: bluethundr@mail.example.com
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}secret
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P. ThatGuy
loginShell: /usr/local/bin/bash
The LDAP server is FreeBSD but the clients are CentOS.
The problem turned out to be that the PADL migration script that generated the user LDIF from /etc/passwd produced the loginShell attribute with the BSD path to bash (i.e. /usr/local/bin/bash), whereas the clients, which are all CentOS, need the Red Hat path to bash (i.e. /bin/bash).
I have also added an index for uid to my slapd.conf as per your suggestion.
Best regards and thank you again for your assistance!
On Sun, Oct 31, 2010 at 8:26 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Saturday, October 30, 2010 8:51 AM -0400 Tim Dunphy bluethundr@gmail.com wrote:
Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
Tags are not error messages; they are for information purposes.
Error messages are prefixed with "err=", in this case, your log clearly shows the wrong password was used, or the binddn is wrong, or both.
Thus the LDAP server returns "ERROR 49" very clearly in your log for connection 1002.
You likely should also create an equality index on uid, since apparently your DNs are uid based.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
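To make the distinction Quanah draws concrete (tag is the protocol op type, err is the LDAP result code), here is an added example, not from the thread or from OpenLDAP, that parses slapd log lines in the format shown above, correlates each BIND with its RESULT by conn/op, and reports failed binds and attributes searched without an index. The sample lines are constructed to match the thread's log.

```python
import re

# Constructed sample lines in the slapd syslog format seen in the thread.
SAMPLE_LOG = """\
Oct 29 22:49:41 LBSD2 slapd[1085]: <= bdb_equality_candidates: (uid) not indexed
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 BIND dn="uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" method=128
Oct 29 22:49:41 LBSD2 slapd[1085]: conn=1002 op=4 RESULT tag=97 err=49 text=
"""

# LDAP result codes (RFC 4511) that commonly show up on bind/search failures.
# 'tag' is the BER op type (97 = BindResponse, 101 = SearchResultDone), not an error.
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
            50: "insufficientAccessRights", 53: "unwillingToPerform"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
UNINDEXED_RE = re.compile(r'<= \w+_candidates: \((\w+)\) not indexed')

def analyse(log_text):
    """Return failed binds (conn, dn, err, name) and attributes searched unindexed."""
    binds = {}          # (conn, op) -> bind DN, filled from BIND lines
    failed_binds = []
    unindexed = set()
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            binds[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = UNINDEXED_RE.search(line)
        if m:
            unindexed.add(m.group(1))
            continue
        m = RESULT_RE.search(line)
        if m:
            key, err = (m.group(1), m.group(2)), int(m.group(4))
            # Only a RESULT that answers a recorded BIND with err != 0 is a bind failure.
            if key in binds and err != 0:
                failed_binds.append((key[0], binds[key], err, LDAP_ERR.get(err, "unknown")))
    return {"failed_binds": failed_binds, "unindexed": sorted(unindexed)}

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for conn, dn, err, name in report["failed_binds"]:
        print(f"conn={conn} bind failed for {dn}: err={err} ({name})")
    for attr in report["unindexed"]:
        print(f"{attr} searched without an index; consider 'index {attr} eq' in slapd.conf")
```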