[Date Prev][Date Next]
Unable to authenticate with "secondary" uids, slapd 2.4.23, centos5.5
- To: firstname.lastname@example.org
- Subject: Unable to authenticate with "secondary" uids, slapd 2.4.23, centos5.5
- From: Chan Wilson <email@example.com>
- Date: Tue, 14 Dec 2010 15:02:31 -0600
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=Yp8iSfKCW2BkSih+i1GarhOcYq2IHkhglsLIu65z3hQ=; b=Kcn00b3Ob/Zo3iAXzh+byRzBU8qXlpAwqLawgX2bvse9SLUl/wtleBl2gNePM5oinD LmxPrSs8ZiNtcb48fu9+l0lkBgGsH7qEhRgm0X5o0ZV8e+9Kk9GqOUq1QXQIZaOWaWcL Tda07TSXS3GhaU6fuWRWMZ5NF7vRwBPW7jhSg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=HRvCpKVFWMPpKG+ETN+lkBX/v2zGJPkjvHMsIoaQSmLChIsu0gk5z3PdepcFTER+iE KnTZVF8BaqT2OpbxG2ypcmngbp6vH3/scF8Ko7UUydPdnxod5gsT2BdVYq/qQlGT2zvN 0yhMuXhQV7kzeuLG1tnE+JSb0UcLfHFSqqqG0=
I have several LDAP trees and installs (2.4.23, centos 5.5, bdb) that utilize "secondary" uids as the sites are in the process of migrating user IDs. In essence, allowing both "user" and "user.name" to authenticate as the same "user" account:
This has all been working beautifully since inception with 2.4.21. However, "something changed" either at the O/S level or slapd level to break this, and I'm at a loss as to what to look at next. When doing an ldapsearch -D with the "secondary" uid, it fails, and the server-side has a return from bdb_dn2id -- "get failed: DB_NOTFOUND: No matching key/data pair found (-30988)", which implies that the BDB index file for uid doesn't contain the additional uids. Not sure how to look at that, slapd_db_dump doesn't reveal anything human-parsable.
Does this ring any bells? Was it just a fluke that this worked?