Cool, you saved me a lot of time. Quick question: where are all these constants (LDAP_SUCCESS, etc) defined?
On 01/03/2018 12:37 PM, Sergei
Gerasenko wrote:
Digging deeper into the
access log, I see that certain operations return with non-zero
error codes. The most prolific are 14 and 32. These are LDAP_SASL_BIND_IN_PROGRESS and LDAP_NO_SUCH_OBJECT respectively.
So *maybe* the SNMP counter is incremented on those error codes.
I’m currently looking at the source code trying to confirm that.
It's in ldap/servers/slapd/result.c:367
if (err != LDAP_SUCCESS) {
/* count the error for snmp */
/* first check for security errors */
if (err == LDAP_INVALID_CREDENTIALS || err ==
LDAP_INAPPROPRIATE_AUTH || err == LDAP_AUTH_METHOD_NOT_SUPPORTED
|| err == LDAP_STRONG_AUTH_NOT_SUPPORTED || err ==
LDAP_STRONG_AUTH_REQUIRED || err == LDAP_CONFIDENTIALITY_REQUIRED
|| err == LDAP_INSUFFICIENT_ACCESS || err == LDAP_AUTH_UNKNOWN) {
slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsSecurityErrors);
} else if (err != LDAP_REFERRAL && err !=
LDAP_OPT_REFERRALS && err != LDAP_PARTIAL_RESULTS) {
/*madman man spec says not to count as normal
errors
--security errors
--referrals
-- partially seviced operations will not be
conted as an error
*/
slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsErrors);
}
}
And yes err=32 is no such object (common error code especially if
you are using the 389-console), and err=14 is normal during GSSAPI
binds.
|
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
