[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap 2.4.x log details for error 49

To: openldap-technical@openldap.org
Subject: Re: Openldap 2.4.x log details for error 49
From: Dieter Klünter <dieter@dkluenter.de>
Date: Wed, 11 Sep 2019 19:11:05 +0200
In-reply-to: <AM5PR0801MB18916322F516CF5D14DFDC35FBB10@AM5PR0801MB1891.eurprd08.prod.outlook.com>
Organization: AVCI
References: <AM5PR0801MB18916322F516CF5D14DFDC35FBB10@AM5PR0801MB1891.eurprd08.prod.outlook.com>

Am Wed, 11 Sep 2019 12:08:36 +0000
schrieb François Pernet <Francois.Pernet@idsa.ch>:

> Hi all,
> 
> We have a solution running on which openldap is the identity
> repository. OpenLDAP 2.4 is installed (on CentOS) also with policy.
> The system is able to send traps when authentication problem occurs,
> based on the slapd generated logs.
> 
> Unfortunatly the log contains such error: "Jun  5 11:27:16 vms
> slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the
> password entered generates an  "invalid crendentials" message. This
> is fine, but the error could mean the following:
> 
>   *   Wrong user or password
>   *   Expired account
>   *   Account locked or disabled
>   *   User must change its password
> 
> Question is : is it possible to find a way to have the details for
> error 49 ? (this error message is far too generic)

No, it is not possible to split ldap-result-code, but you may consider
a password policy, which provides some information on the result of a
slapo-ppolicy(5) operation.  

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

References:
- Openldap 2.4.x log details for error 49
  - From: François Pernet <Francois.Pernet@idsa.ch>

Prev by Date: Re: Antw: Is there a simple document that explains the various admin passwords?
Next by Date: Re: logs with "syncrepl_del_nonpresent"
Index(es):
- Chronological
- Thread