[Date Prev][Date Next] [Chronological] [Thread] [Top]

On Friday 13 August 2004 03:35, Andrew Diederich wrote:
> I'm having problem some problems authenticating against openLDAP, and I  
> think the answer may be in the openLDAP logfile, but I don't know how to  
> read it right.  It looks like successful binds look like this:
> 
> Aug  9 08:36:17 servername slapd[16836]: conn=0 op=20 RESULT tag=97 err=0  
> text=
> 
> and unsuccessful binds look like this:
> 
> Aug  9 08:35:03 servername slapd[11823]: conn=11771 op=108408 SEARCH  
> RESULT tag=101 err=0 nentries=0 text=
> 
> The big difference as far as I can tell is the tag=101 vs the tag=97.   

The tags indicate what type of message the is sending tag=101 is a 
"SearchResultDone" message, while tag=97 is a "BindResponse". I can't say if 
this is really related to your authentication problem, without knowing more 
about the application. But if it is, it might be that the application is 
first doing an anonymous search to find out which DN to use for binding (e.g. 
pam_ldap is doing it like this) and this search is returning no result 
(nentries=0) so the application can't bind. But this is more or less just a 
wild guess.

-- 
regards,
	Ralf Haferkamp
SUSE LINUX AG, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com

Follow-Ups:
- Re: definition of tag= entries in logs
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- definition of tag= entries in logs
  - From: "Andrew Diederich" <diederic@boulder.net>

Prev by Date: Re: Roles
Next by Date: Re: start_tls versus ldaps
Index(es):
- Chronological
- Thread

Re: definition of tag= entries in logs