[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#6854) When login from one application, "error=49" error show up, but other application's login are all right.
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6854) When login from one application, "error=49" error show up, but other application's login are all right.
- From: mahaoboy@gmail.com
- Date: Fri, 4 Mar 2011 11:01:28 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: hao ma
Version: 2.3.43
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (124.161.106.50)
We have configured Openldap as our user info repository for all our
applications.(include Atlassian JIRA,Confluence,Fisheye,Crowd).
Then we met an very strange user.
This user can logged in confluence successfully, but when could not log in
fisheye.
And in a little chance, he could log in fisheye correctly.
Firstly , we try to find problem from these applications.
And all clue point to Openldap server.
So we configure Openldap Loglever as -1.
And we recorded two different log of logging in confluence and logging in
fisheye.
Log of confluence logging:
daemon: activity on 1 descriptor
daemon: activity on:
17r
daemon: read active on 17
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(17)
connection_get(17): got connid=5
connection_read(17): checking for input on id=5
do_search
daemon: activity on 1 descriptor
>>> dnPrettyNormal: <ou=eejira,o=nsn>
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
<<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn>
SRCH "ou=eejira,o=nsn" 2 3
0 0 0
begin get_filter
daemon: epoll: listen=8 active_threads=0 tvp=NULL
AND
begin get_filter_list
begin get_filter
EQUALITY
end get_filter 0
begin get_filter
EQUALITY
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(objectClass=person)(uid=jirasupport))
=> get_ctrls
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
attrs:
conn=5 op=8052 SRCH base="ou=eejira,o=nsn" scope=2 deref=3
filter="(&(objectClass=person)(uid=jirasupport))"
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
=> bdb_search
bdb_dn2entry("ou=eejira,o=nsn")
search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [01872a84]
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_dn2idl("ou=eejira,o=nsn")
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [8c70ccf9]
<= bdb_index_read 12658 candidates
<= bdb_equality_candidates: id=12658, first=244, last=12912
<= bdb_filter_candidates: id=12658 first=244 last=12912
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (uid)
=> key_read
bdb_idl_fetch_key: [66ddc068]
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=3763, last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
<= bdb_list_candidates: id=1 first=3763 last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
<= bdb_list_candidates: id=1 first=3763 last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
bdb_search_candidates: id=1 first=3763 last=3763
=> test_filter
AND
=> test_filter_and
=> test_filter
EQUALITY
=> access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested
<= root access granted
<= test_filter 6
=> test_filter
EQUALITY
=> access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested
<= root access granted
<= test_filter 6
<= test_filter_and 6
<= test_filter 6
=> send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn"
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"entry" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"cn" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"mail" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"givenName" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"displayName" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"sn" requested
<= root access granted
conn=5 op=8052 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn"
<= send_search_entry: conn 5 exit.
send_ldap_result: conn=5 op=8052 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=8053 tag=101 err=0
conn=5 op=8052 SEARCH RESULT tag=101 err=0 nentries=1 text=
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 20
daemon: added 20r (active) listener=(nil)
conn=8 fd=20 ACCEPT from IP=87.254.208.143:42569 (IP=0.0.0.0:389)
daemon: activity on 2 descriptors
daemon: activity on:
20r
daemon: read active on 20
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(20)
connection_get(20): got connid=8
connection_read(20): checking for input on id=8
do_bind
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>,
<cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr
"userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE
ssf=0
do_bind: v3 bind: "cn=jirasupport,ou=people,ou=eejira,o=nsn" to
"cn=jirasupport,ou=People,ou=eejira,o=nsn"
send_ldap_result: conn=8 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
conn=8 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
Log of fisheye logging:
daemon: activity on 1 descriptor
daemon: activity on:
17r
daemon: read active on 17
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(17)
connection_get(17): got connid=5
connection_read(17): checking for input on id=5
do_search
>>> dnPrettyNormal: <ou=eejira,o=nsn>
<<< dnPrettyNormal: <ou=eejira,o=nsn>, <ou=eejira,o=nsn>
SRCH "ou=eejira,o=nsn" 2 3
0 0 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
end get_filter 0
begin get_filter
EQUALITY
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(objectClass=person)(uid=jirasupport))
=> get_ctrls
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
attrs:
conn=5 op=8051 SRCH base="ou=eejira,o=nsn" scope=2 deref=3
filter="(&(objectClass=person)(uid=jirasupport))"
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
=> bdb_search
bdb_dn2entry("ou=eejira,o=nsn")
search_candidates: base="ou=eejira,o=nsn" (0x00000001) scope=2
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [01872a84]
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_dn2idl("ou=eejira,o=nsn")
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [8c70ccf9]
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
<= bdb_index_read 12658 candidates
<= bdb_equality_candidates: id=12658, first=244, last=12912
<= bdb_filter_candidates: id=12658 first=244 last=12912
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (uid)
=> key_read
bdb_idl_fetch_key: [66ddc068]
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=3763, last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
<= bdb_list_candidates: id=1 first=3763 last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
<= bdb_list_candidates: id=1 first=3763 last=3763
<= bdb_filter_candidates: id=1 first=3763 last=3763
bdb_search_candidates: id=1 first=3763 last=3763
entry_decode: "cn=jirasupport,ou=People,ou=eejira,o=nsn"
<= entry_decode(cn=jirasupport,ou=People,ou=eejira,o=nsn)
=> test_filter
AND
=> test_filter_and
=> test_filter
EQUALITY
=> access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested
<= root access granted
<= test_filter 6
=> test_filter
EQUALITY
=> access_allowed: search access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested
<= root access granted
<= test_filter 6
<= test_filter_and 6
<= test_filter 6
=> send_search_entry: conn 5 dn="cn=jirasupport,ou=People,ou=eejira,o=nsn"
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"entry" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"objectClass" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"cn" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"uid" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"mail" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"givenName" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"displayName" requested
<= root access granted
=> access_allowed: read access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"sn" requested
<= root access granted
conn=5 op=8051 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn"
<= send_search_entry: conn 5 exit.
send_ldap_result: conn=5 op=8051 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=8052 tag=101 err=0
conn=5 op=8051 SEARCH RESULT tag=101 err=0 nentries=1 text=
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(8):
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 busy
>>> slap_listener(ldap:///)
daemon: listen=8, new connection on 20
daemon: added 20r (active) listener=(nil)
conn=7 fd=20 ACCEPT from IP=87.254.208.143:39622 (IP=0.0.0.0:389)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
20r
daemon: read active on 20
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(20)
connection_get(20): got connid=7
connection_read(20): checking for input on id=7
do_bind
daemon: activity on 1 descriptor
daemon: activity on:
>>> dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>
<<< dnPrettyNormal: <cn=jirasupport,ou=people,ou=eejira,o=nsn>,
<cn=jirasupport,ou=people,ou=eejira,o=nsn>
do_bind: version=3 dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128
==> bdb_bind: dn: cn=jirasupport,ou=people,ou=eejira,o=nsn
bdb_dn2entry("cn=jirasupport,ou=people,ou=eejira,o=nsn")
daemon: epoll: listen=7 active_threads=0 tvp=NULL
=> access_allowed: auth access to "cn=jirasupport,ou=People,ou=eejira,o=nsn"
"userPassword" requested
daemon: epoll: listen=8 active_threads=0 tvp=NULL
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "cn=jirasupport,ou=People,ou=eejira,o=nsn", attr
"userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=manager,ou=eejira,o=nsn
<= check a_dn_pat: *
<= acl_mask: [2] applying read(=rscxd) (stop)
<= acl_mask: [2] mask: read(=rscxd)
=> access_allowed: auth access granted by read(=rscxd)
send_ldap_result: conn=7 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
conn=7 op=0 RESULT tag=97 err=49 text=
daemon: activity on 1 descriptor
daemon: activity on:
20r
daemon: read active on 20
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(20)
connection_get(20): got connid=7
connection_read(20): checking for input on id=7
ber_get_next on fd 20 failed errno=0 (Success)
connection_read(20): input error=-2 id=7, closing.
connection_closing: readying conn=7 sd=20 for close
connection_close: conn=7 sd=-1
daemon: removing 20
conn=7 fd=20 closed (connection lost)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
And other users are all right for logging in all applications.
Do you have any advice for this problem?
Thanks a lot.