Am Wed, 11 Sep 2019 12:08:36 +0000 schrieb François Pernet <francois.per...@idsa.ch>:
> Hi all, > > We have a solution running on which openldap is the identity > repository. OpenLDAP 2.4 is installed (on CentOS) also with policy. > The system is able to send traps when authentication problem occurs, > based on the slapd generated logs. > > Unfortunatly the log contains such error: "Jun 5 11:27:16 vms > slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the > password entered generates an "invalid crendentials" message. This > is fine, but the error could mean the following: > > * Wrong user or password > * Expired account > * Account locked or disabled > * User must change its password > > Question is : is it possible to find a way to have the details for > error 49 ? (this error message is far too generic) No, it is not possible to split ldap-result-code, but you may consider a password policy, which provides some information on the result of a slapo-ppolicy(5) operation. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E