|
»
»
»
« Return to Thread: Need help determining cause of login problem
Re: Need help determining cause of login problem
by Howard Chu
::
Rate this Message:
Tony Earnshaw wrote:
> Jürgen Starek skrev, on 16-02-2008 18:04:
>
>> Is there a list available anywhere that gives possible reasons for error
>> messages?
>
> Apparently not, as far as OpenLDAP is concerned.
Not quite. LDAP error codes are already documented in RFC4511.
> This was "up" as late
> as today in one of the 2/4 official OpenLDAP lists, with Pier-Angelo
> Masarati asking Gavin Henry if he couldn't do anything about it.
The question Pierangelo and Gavin were addressing was whether the specific
format of OpenLDAP log messages was explicitly documented anywhere. The answer
to that is no, and we occasionally reformat the log messages to make them more
uniform and perform other cleanups over time.
>
> As far as I'm concerned, recognizing these error numbers at OL log level
> Stats level has been an ever-increasingly important factor as LDAP
> continues to mean more and more to my sites. No where to go to get
> values, just recognize.
That is far overstating the situation. All of the relevant codes are already
documented in the LDAP RFCs.
> The importance has been highlighted by Red Hat
> itself, who permits itself to charge US$ 15.000 per annum support for
> each OL or RHDS master server installation and about the half for each
> slave. If I charged the half for both, I'd long have had more money than
> I do have.
Red Hat's practices are far from exemplary.
>> Without your mail, I would not have guessed that sending pam_ldap
>> to look in a non-existing search base might lead to "No such object", "No
>> such search base" might have been more appropriate as the object /is/ in the
>> directory, albeit with a different dn...
>
> That's what error 32 is about. Invariably it comes from people trying to
> do things to a database/directory suffix that hasn't itself yet been
> initiated.
>
>>> Again Googling, here's how Michael Hammer does it:
>>>
>>> http://tugll.tugraz.at/88684/weblog/3682.html
>> Well, I'm truly grateful for each tutorial or howto anyone puts on the web.
>
> Watch out. People stuff the word HOWTO into everything, most often don't
> date what they write and, most importantly, most of what they write is
> trash anyway. I wouldn't have passed Michael Hammer's writeup to you if
> I hadn't vetted it myself first and found it kosher.
>
>> I
>> just wish they'd explain the meaning of options used and some alternatives...
>> (Yes, I'll go and improve the howto on the Debian wiki once this is done.
>> Promise.)
>
> *NEVER, NEVER* attempt to write any "HOWTO" about anything. A good
> example is sexual seduction. *DO NOT*. Simply explain what worked for
> you, and *ALWAYS* write the date and all software versions. *ALWAYS* the
> best source of information is the software vendor's documentation and if
> this doesn't suffice, your quarrel is with the vendor himself, not the
> end user.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
> Jürgen Starek skrev, on 16-02-2008 18:04:
>
>> Is there a list available anywhere that gives possible reasons for error
>> messages?
>
> Apparently not, as far as OpenLDAP is concerned.
Not quite. LDAP error codes are already documented in RFC4511.
> This was "up" as late
> as today in one of the 2/4 official OpenLDAP lists, with Pier-Angelo
> Masarati asking Gavin Henry if he couldn't do anything about it.
The question Pierangelo and Gavin were addressing was whether the specific
format of OpenLDAP log messages was explicitly documented anywhere. The answer
to that is no, and we occasionally reformat the log messages to make them more
uniform and perform other cleanups over time.
>
> As far as I'm concerned, recognizing these error numbers at OL log level
> Stats level has been an ever-increasingly important factor as LDAP
> continues to mean more and more to my sites. No where to go to get
> values, just recognize.
That is far overstating the situation. All of the relevant codes are already
documented in the LDAP RFCs.
> The importance has been highlighted by Red Hat
> itself, who permits itself to charge US$ 15.000 per annum support for
> each OL or RHDS master server installation and about the half for each
> slave. If I charged the half for both, I'd long have had more money than
> I do have.
Red Hat's practices are far from exemplary.
>> Without your mail, I would not have guessed that sending pam_ldap
>> to look in a non-existing search base might lead to "No such object", "No
>> such search base" might have been more appropriate as the object /is/ in the
>> directory, albeit with a different dn...
>
> That's what error 32 is about. Invariably it comes from people trying to
> do things to a database/directory suffix that hasn't itself yet been
> initiated.
>
>>> Again Googling, here's how Michael Hammer does it:
>>>
>>> http://tugll.tugraz.at/88684/weblog/3682.html
>> Well, I'm truly grateful for each tutorial or howto anyone puts on the web.
>
> Watch out. People stuff the word HOWTO into everything, most often don't
> date what they write and, most importantly, most of what they write is
> trash anyway. I wouldn't have passed Michael Hammer's writeup to you if
> I hadn't vetted it myself first and found it kosher.
>
>> I
>> just wish they'd explain the meaning of options used and some alternatives...
>> (Yes, I'll go and improve the howto on the Debian wiki once this is done.
>> Promise.)
>
> *NEVER, NEVER* attempt to write any "HOWTO" about anything. A good
> example is sexual seduction. *DO NOT*. Simply explain what worked for
> you, and *ALWAYS* write the date and all software versions. *ALWAYS* the
> best source of information is the software vendor's documentation and if
> this doesn't suffice, your quarrel is with the vendor himself, not the
> end user.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
« Return to Thread: Need help determining cause of login problem
| Free Forum Powered by Nabble | Forum Help |