[Date Prev][Date Next] [Chronological] [Thread] [Top]

Expiration accounts and indexes ?

Hi folks,

Yesterday I see a lot of

"Apr 6 16:08:20 xen-ldap01 slapd[1167]: <= bdb_equality_candidates: (objectClass) not indexed"

in my OpenLDAP provider server log. After searching in docs (http://www.openldap.org/faq/data/cache/42.html), I applied

	index           objectClass eq

instead of previous

	#index           objectClass eq

and restart the service.

The suprise has been when a few users cannot login in system through LDAP validation this morning. The errors in log (in client logs) was:

Apr 9 09:11:13 hc23 sshd[44389]: pam_ldap: error trying to bind as user "uid=ivan,ou=SAT,ou=Tecnic,dc=my_company,dc=com" (Invalid credentials) Apr 9 09:11:13 hc23 sshd[44387]: error: PAM: authentication error for illegal user ivan from XXX.XXX.XXX.XXX

The solution has been easy: comment the "index objectClass eq" parameter again in slapd conf file.

¿Why it happens? I wonder it. Maybe some cache-related issue...

Jordi Espasa Clofent