[Date Prev][Date Next]
Expiration accounts and indexes ?
Yesterday I see a lot of
"Apr 6 16:08:20 xen-ldap01 slapd: <= bdb_equality_candidates:
(objectClass) not indexed"
in my OpenLDAP provider server log. After searching in docs
(http://www.openldap.org/faq/data/cache/42.html), I applied
index objectClass eq
instead of previous
#index objectClass eq
and restart the service.
The suprise has been when a few users cannot login in system through
LDAP validation this morning. The errors in log (in client logs) was:
Apr 9 09:11:13 hc23 sshd: pam_ldap: error trying to bind as user
"uid=ivan,ou=SAT,ou=Tecnic,dc=my_company,dc=com" (Invalid credentials)
Apr 9 09:11:13 hc23 sshd: error: PAM: authentication error for
illegal user ivan from XXX.XXX.XXX.XXX
The solution has been easy: comment the "index objectClass eq" parameter
again in slapd conf file.
¿Why it happens? I wonder it. Maybe some cache-related issue...
Jordi Espasa Clofent