Re: Openldap 2.4.x log details for error 49

2019-09-11 Thread Dieter Klünter
On Wed, 11 Sep 2019 12:08:36 +
François Pernet wrote:

> Hi all,
> 
> We have a solution running on which openldap is the identity
> repository. OpenLDAP 2.4 is installed (on CentOS) also with policy.
> The system is able to send traps when an authentication problem occurs,
> based on the slapd generated logs.
> 
> Unfortunately the log contains such error: "Jun  5 11:27:16 vms
> slapd[32101]: conn=1174 op=0 RESULT tag=97 err=49 text=" when the
> password entered generates an "invalid credentials" message. This
> is fine, but the error could mean the following:
> 
>   *   Wrong user or password
>   *   Expired account
>   *   Account locked or disabled
>   *   User must change its password
> 
> Question is: is it possible to find a way to have the details for
> error 49? (this error message is far too generic)

No, it is not possible to split ldap-result-code, but you may consider
a password policy, which provides some information on the result of a
slapo-ppolicy(5) operation.  

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E



Openldap 2.4.x log details for error 49

2019-09-11 Thread François Pernet
Hi all,

We have a solution running on which openldap is the identity repository.
OpenLDAP 2.4 is installed (on CentOS) also with policy.
The system is able to send traps when an authentication problem occurs, based on
the slapd generated logs.

Unfortunately the log contains such error: "Jun  5 11:27:16 vms slapd[32101]: 
conn=1174 op=0 RESULT tag=97 err=49 text=" when the password entered generates 
an "invalid credentials" message.
This is fine, but the error could mean the following:

  *   Wrong user or password
  *   Expired account
  *   Account locked or disabled
  *   User must change its password

Question is: is it possible to find a way to have the details for error 49?
(this error message is far too generic)

Many thanks in advance

FPernet