On Fri, Mar 04, 2011 at 11:01:28AM +0000, [email protected] wrote: > To: [email protected]
This is not a bug-report at this stage so I am directing replies to [email protected]. > This user can logged in confluence successfully, but when could not log in > fisheye. > Log of confluence logging: > conn=5 op=8052 SRCH base="ou=eejira,o=nsn" scope=2 deref=3 > filter="(&(objectClass=person)(uid=jirasupport))" > conn=5 op=8052 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" > conn=5 op=8052 SEARCH RESULT tag=101 err=0 nentries=1 text= > conn=8 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 > conn=8 op=0 BIND dn="cn=jirasupport,ou=People,ou=eejira,o=nsn" mech=SIMPLE > ssf=0 > conn=8 op=0 RESULT tag=97 err=0 text= All OK so far. > Log of fisheye logging: > conn=5 op=8051 SRCH base="ou=eejira,o=nsn" scope=2 deref=3 > filter="(&(objectClass=person)(uid=jirasupport))" > conn=5 op=8051 ENTRY dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" > conn=5 op=8051 SEARCH RESULT tag=101 err=0 nentries=1 text= > conn=7 op=0 BIND dn="cn=jirasupport,ou=people,ou=eejira,o=nsn" method=128 > conn=7 op=0 RESULT tag=97 err=49 text= Error 49 (decimal) is 0x31 (hex) which is LDAP_INVALID_CREDENTIALS so the password does not match. > And other users are all right for logging in all applications. My guess would be that there is something odd about this user's password. Be aware that most existing LDAP client software treats passwords as strings of binary without consideration of character set encoding. This can lead to problems where an account has a password that cannot be represented in 7-bit ASCII. There is nothing that the LDAP server can do about this, as it does not know what character set the application is using. I would suggest changing this account's password to a new one using only printable 7-bit characters. You can maintain good security by making the password longer (but beware that the old Unix-crypt hash scheme only uses the first 8 characters so avoid that if you can: SSHA1 is far better). Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | -----------------------------------------------------------------------
