[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6854) When login from one application, "error=49" error show up, but other application's login are all right.



Full_Name: hao ma
Version: 2.3.43
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (124.161.106.50)


We have configured Openldap as our user info repository for all our
applications.(include Atlassian JIRA,Confluence,Fisheye,Crowd).

Then we met an very strange user.

This user can logged in confluence successfully, but when could not log in
fisheye.
And in a little chance, he could log in fisheye correctly.

Firstly , we try to find problem from these applications.

And all clue point to Openldap server.

So we configure Openldap Loglever as -1.

And we recorded two different log of logging in confluence and logging in
fisheye.

Log of confluence logging:
    daemon: activity on 1 descriptor 
 daemon: activity on:
  17r
  
 daemon: read active on 17 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 connection_get(17) 
 connection_get(17): got connid=5 
 connection_read(17): checking for input on id=5 
 do_search 
 daemon: activity on 1 descriptor 
 >>> dnPrettyNormal: <ou=eejira,o=nsn> 
 daemon: activity on:
  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 <<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn> 
 SRCH "ou=eejira,o=nsn" 2 3
     0 0 0 
 begin get_filter 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 AND 
 begin get_filter_list 
 begin get_filter 
 EQUALITY 
 end get_filter 0 
 begin get_filter 
 EQUALITY 
 end get_filter 0 
 end get_filter_list 
 end get_filter 0 
     filter: (&(objectClass=person)(uid=jirasupport)) 
 => get_ctrls 
 => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical) 
 <= get_ctrls: n=1 rc=0 err="" 
     attrs:
  
 conn=5 op=8052 SRCH base="ou=eejira,o=nsn" scope=2 deref=3
filter="(&(objectClass=person)(uid=jirasupport))" 
 slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2 
 => bdb_search 
 bdb_dn2entry("ou=eejira,o=nsn") 
 search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (objectClass) 
 => key_read 
 bdb_idl_fetch_key: [01872a84] 
 <= bdb_index_read: failed (-30989) 
 <= bdb_equality_candidates: id=0, first=0, last=0 
 <= bdb_filter_candidates: id=0 first=0 last=0 
 => bdb_dn2idl("ou=eejira,o=nsn") 
 => bdb_filter_candidates 
 	AND 
 => bdb_list_candidates 0xa0 
 => bdb_filter_candidates 
 	AND 
 => bdb_list_candidates 0xa0 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (objectClass) 
 => key_read 
 bdb_idl_fetch_key: [8c70ccf9] 
 <= bdb_index_read 12658 candidates 
 <= bdb_equality_candidates: id=12658, first=244, last=12912 
 <= bdb_filter_candidates: id=12658 first=244 last=12912 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (uid) 
 => key_read 
 bdb_idl_fetch_key: [66ddc068] 
 <= bdb_index_read 1 candidates 
 <= bdb_equality_candidates: id=1, first=3763, last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 <= bdb_list_candidates: id=1 first=3763 last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 <= bdb_list_candidates: id=1 first=3763 last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 bdb_search_candidates: id=1 first=3763 last=3763 
 => test_filter 
     AND 
 => test_filter_and 
 => test_filter 
     EQUALITY 
 => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested 
 <= root access granted 
 <= test_filter 6 
 => test_filter 
     EQUALITY 
 => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested 
 <= root access granted 
 <= test_filter 6 
 <= test_filter_and 6 
 <= test_filter 6 
 => send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"entry" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"cn" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"mail" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"givenName" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"displayName" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"sn" requested 
 <= root access granted 
 conn=5 op=8052 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" 
 <= send_search_entry: conn 5 exit. 
 send_ldap_result: conn=5 op=8052 p=3 
 send_ldap_result: err=0 matched="" text="" 
 send_ldap_response: msgid=8053 tag=101 err=0 
 conn=5 op=8052 SEARCH RESULT tag=101 err=0 nentries=1 text= 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 slap_listener_activate(8):  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 busy 
 >>> slap_listener(ldap:///) 
 daemon: listen=8, new connection on 20 
 daemon: added 20r (active) listener=(nil) 
 conn=8 fd=20 ACCEPT from IP=87.254.208.143:42569 (IP=0.0.0.0:389) 
 daemon: activity on 2 descriptors 
 daemon: activity on:
  20r
  
 daemon: read active on 20 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 connection_get(20) 
 connection_get(20): got connid=8 
 connection_read(20): checking for input on id=8 
 do_bind 
 >>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn> 
 <<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>,
<cn=jirasupport,ou=people,ou=eejira,o=nsn> 
 do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 
 conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 
 ==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn 
 bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn") 
 => access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested 
 => acl_get: [1] attr userPassword 
 access_allowed: no res from state (userPassword) 
 => acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr
"userPassword" requested 
 => acl_mask: to value by "", (=0)  
 <= check a_dn_pat: cn=manager,ou=eejira,o=nsn 
 <= check a_dn_pat: * 
 <= acl_mask: [2] applying read(=rscxd) (stop) 
 <= acl_mask: [2] mask: read(=rscxd) 
 => access_allowed: auth access granted by read(=rscxd) 
 conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE
ssf=0 
 do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to
"cn=jirasupport,ou=People,ou=eejira,o=nsn" 
 send_ldap_result: conn=8 op=0 p=3 
 send_ldap_result: err=0 matched="" text="" 
 send_ldap_response: msgid=1 tag=97 err=0 
 conn=8 op=0 RESULT tag=97 err=0 text= 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 




Log of fisheye logging:
 daemon: activity on 1 descriptor 
 daemon: activity on:
  17r
  
 daemon: read active on 17 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 connection_get(17) 
 connection_get(17): got connid=5 
 connection_read(17): checking for input on id=5 
 do_search 
 >>> dnPrettyNormal: <ou=eejira,o=nsn> 
 <<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn> 
 SRCH "ou=eejira,o=nsn" 2 3
     0 0 0 
 begin get_filter 
 AND 
 begin get_filter_list 
 begin get_filter 
 EQUALITY 
 end get_filter 0 
 begin get_filter 
 EQUALITY 
 end get_filter 0 
 end get_filter_list 
 end get_filter 0 
     filter: (&(objectClass=person)(uid=jirasupport)) 
 => get_ctrls 
 => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical) 
 <= get_ctrls: n=1 rc=0 err="" 
     attrs:
  
 conn=5 op=8051 SRCH base="ou=eejira,o=nsn" scope=2 deref=3
filter="(&(objectClass=person)(uid=jirasupport))" 
 slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2 
 => bdb_search 
 bdb_dn2entry("ou=eejira,o=nsn") 
 search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (objectClass) 
 => key_read 
 bdb_idl_fetch_key: [01872a84] 
 <= bdb_index_read: failed (-30989) 
 <= bdb_equality_candidates: id=0, first=0, last=0 
 <= bdb_filter_candidates: id=0 first=0 last=0 
 => bdb_dn2idl("ou=eejira,o=nsn") 
 => bdb_filter_candidates 
 	AND 
 => bdb_list_candidates 0xa0 
 => bdb_filter_candidates 
 	AND 
 => bdb_list_candidates 0xa0 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (objectClass) 
 => key_read 
 bdb_idl_fetch_key: [8c70ccf9] 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 <= bdb_index_read 12658 candidates 
 <= bdb_equality_candidates: id=12658, first=244, last=12912 
 <= bdb_filter_candidates: id=12658 first=244 last=12912 
 => bdb_filter_candidates 
 	EQUALITY 
 => bdb_equality_candidates (uid) 
 => key_read 
 bdb_idl_fetch_key: [66ddc068] 
 <= bdb_index_read 1 candidates 
 <= bdb_equality_candidates: id=1, first=3763, last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 <= bdb_list_candidates: id=1 first=3763 last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 <= bdb_list_candidates: id=1 first=3763 last=3763 
 <= bdb_filter_candidates: id=1 first=3763 last=3763 
 bdb_search_candidates: id=1 first=3763 last=3763 
 entry_decode: "cn=jirasupport,ou=People,ou=eejira,o=nsn" 
 <= entry_decode(cn=jirasupport,ou=People,ou=eejira,o=nsn) 
 => test_filter 
     AND 
 => test_filter_and 
 => test_filter 
     EQUALITY 
 => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested 
 <= root access granted 
 <= test_filter 6 
 => test_filter 
     EQUALITY 
 => access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested 
 <= root access granted 
 <= test_filter 6 
 <= test_filter_and 6 
 <= test_filter 6 
 => send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"entry" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"cn" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"mail" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"givenName" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"displayName" requested 
 <= root access granted 
 => access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"sn" requested 
 <= root access granted 
 conn=5 op=8051 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" 
 <= send_search_entry: conn 5 exit. 
 send_ldap_result: conn=5 op=8051 p=3 
 send_ldap_result: err=0 matched="" text="" 
 send_ldap_response: msgid=8052 tag=101 err=0 
 conn=5 op=8051 SEARCH RESULT tag=101 err=0 nentries=1 text= 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 slap_listener_activate(8):  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 busy 
 >>> slap_listener(ldap:///) 
 daemon: listen=8, new connection on 20 
 daemon: added 20r (active) listener=(nil) 
 conn=7 fd=20 ACCEPT from IP=87.254.208.143:39622 (IP=0.0.0.0:389) 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  20r
  
 daemon: read active on 20 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 connection_get(20) 
 connection_get(20): got connid=7 
 connection_read(20): checking for input on id=7 
 do_bind 
 daemon: activity on 1 descriptor 
 daemon: activity on:
 >>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn> 
 <<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>,
<cn=jirasupport,ou=people,ou=eejira,o=nsn> 
 do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 
 conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 
  
 ==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn 
 bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn") 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 => access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 => acl_get: [1] attr userPassword 
 access_allowed: no res from state (userPassword) 
 => acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr
"userPassword" requested 
 => acl_mask: to value by "", (=0)  
 <= check a_dn_pat: cn=manager,ou=eejira,o=nsn 
 <= check a_dn_pat: * 
 <= acl_mask: [2] applying read(=rscxd) (stop) 
 <= acl_mask: [2] mask: read(=rscxd) 
 => access_allowed: auth access granted by read(=rscxd) 
 send_ldap_result: conn=7 op=0 p=3 
 send_ldap_result: err=49 matched="" text="" 
 send_ldap_response: msgid=1 tag=97 err=49 
 conn=7 op=0 RESULT tag=97 err=49 text= 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  20r
  
 daemon: read active on 20 
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 
 connection_get(20) 
 connection_get(20): got connid=7 
 connection_read(20): checking for input on id=7 
 ber_get_next on fd 20 failed errno=0 (Success) 
 connection_read(20): input error=-2 id=7, closing. 
 connection_closing: readying conn=7 sd=20 for close 
 connection_close: conn=7 sd=-1 
 daemon: removing 20 
 conn=7 fd=20 closed (connection lost) 
 daemon: activity on 1 descriptor 
 daemon: activity on:
  
 daemon: epoll: listen=7 active_threads=0 tvp=NULL 
 daemon: epoll: listen=8 active_threads=0 tvp=NULL 




And other users are all right for logging in all applications.

Do you have any advice for this problem?

Thanks a lot.