
(host) and (uid) not indexed (after creating an account)



Hi,

I can use the following command to change the password in openldap
after I create an entry le.

~~~
$ sudo ldapsetpasswd le
Changing password for user uid=le,ou=Users,dc=mydomain,dc=example
New Password:
Retype New Password:
Successfully set password for user uid=le,ou=Users,dc=mydomain,dc=example
~~~

And I can see the userPassword field is changed upon calling the above command.

~~~
$ sudo ldapmodifyuser le
[sudo] password for pengy:
# About to modify the following entry :
dn: uid=le,ou=Users,dc=mydomain,dc=example
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: le
uid: le
uidNumber: 10103
gidNumber: 10002
homeDirectory: /home/le
loginShell: /bin/bash
gecos: le
description: User account
shadowMax: 180
shadowLastChange: 0
userPassword:: e1NTSEF9VzZHdlFnTkdDMitzUk5BRStpMGMzcElVWG9hVTYzRjk=

# Enter your modifications here, end with CTRL-D.
dn: uid=le,ou=Users,dc=mydomain,dc=example
Successfully modified user entry uid=le,ou=Users,dc=mydomain,dc=example in LDAP
~~~

(BTW, why is the userPassword field set differently whenever I run
ldapsetpasswd to set the same password?)

But the user le is not able to log in to the servers (the servers
connected to openldap for authentication) with the new password.

In /var/log/syslog of the openldap server (Ubuntu), I see the following lines.

~~~
Jan  2 12:17:22 openldapserver slapd[1082]: conn=2884 fd=39 ACCEPT from IP=172.17.1.6:51975 (IP=0.0.0.0:389)
Jan  2 12:17:22 openldapserver slapd[1082]: conn=2884 op=0 BIND dn="" method=128
Jan  2 12:17:22 openldapserver slapd[1082]: conn=2884 op=0 RESULT tag=97 err=0 text=
Jan  2 12:17:22 openldapserver slapd[1082]: conn=2884 op=1 SRCH base="dc=domain,dc=example" scope=2 deref=0 filter="(&(&(|(host=\2A)(host=elnath))(!(host=!elnath)))(&(|(host=\2A)(host=elnath))(!(host=!elnath)))(uid=le))"
Jan  2 12:17:22 openldapserver slapd[1082]: <= bdb_equality_candidates: (host) not indexed
Jan  2 12:17:22 openldapserver slapd[1082]: message repeated 3 times: [ <= bdb_equality_candidates: (host) not indexed]
Jan  2 12:17:22 openldapserver slapd[1082]: <= bdb_equality_candidates: (uid) not indexed
Jan  2 12:17:22 openldapserver slapd[1082]: conn=2884 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
~~~

On the server to be logged in to (named elnath, which is also an Ubuntu
server), /var/log/auth.log has the following line.

~~~
Jan  2 12:17:22 elnath sshd[21249]: Failed password for le from xxx.xx.xx.xx port 57155 ssh2
~~~

I have tried to stop slapd service then run slapindex as root and then
start slapd service on the openldapserver. But it still does not work.

Could anybody let me know how to fix this issue? Thanks.

-- 
Regards,
Peng
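
On the aside about userPassword changing on every run: the value shown in the ldapmodifyuser output base64-decodes to an `{SSHA}` (salted SHA-1) string, and a salted scheme draws a new random salt each time the password is set. The following is an added example, not part of the original post; the helper names `split_ssha`, `make_ssha` and `check_ssha` are hypothetical and the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os

# userPassword exactly as printed above; "userPassword::" in LDIF means base64.
LDIF_VALUE = "e1NTSEF9VzZHdlFnTkdDMitzUk5BRStpMGMzcElVWG9hVTYzRjk="


def split_ssha(stored: bytes):
    """Split b'{SSHA}<base64>' into (sha1_digest, salt)."""
    scheme, _, b64 = stored.partition(b"}")
    if scheme.upper() != b"{SSHA":
        raise ValueError("not an SSHA value: %r" % scheme)
    raw = base64.b64decode(b64)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the rest is the salt
        raise ValueError("SSHA value carries no salt")
    return raw[:20], raw[20:]


def make_ssha(password: bytes, salt: bytes = None) -> bytes:
    """SSHA = base64(SHA1(password + salt) + salt), fresh salt unless given."""
    salt = os.urandom(4) if salt is None else salt  # 4 bytes, as in the value above
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def check_ssha(password: bytes, stored: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = base64.b64decode(LDIF_VALUE)
    digest, salt = split_ssha(stored)
    print("scheme prefix:", stored[:6].decode(), "| salt bytes:", len(salt))

    pw = b"constructed-sample-password"  # constructed, not the real password
    first, second = make_ssha(pw), make_ssha(pw)
    print(first.decode())
    print(second.decode())
    print("both verify:", check_ssha(pw, first) and check_ssha(pw, second))
```

Two different stored strings for the same password are therefore expected and both verify; the differing value is not evidence that the password change failed.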