Xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.

ljorgensen

Hi,

When synchronising from master to slave, the slave reports an LDAP error multiple times. As far as I know LDAP works fine. I can go into Diagnostics → Authentication and do LDAP auth on both the master and slave. What does the error mean?

Feb 13 09:54:43 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 09:54:46 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 09:54:57 pfsense-02 check_reload_status: Syncing firewall
Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter
Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ROUTING: setting default route to 130.226.230.1
Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: Resyncing OpenVPN instances.
Feb 13 09:54:57 pfsense-02 kernel: ovpns1: link state changed to DOWN
Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter
Feb 13 09:54:58 pfsense-02 kernel: ovpns1: link state changed to UP
Feb 13 09:54:58 pfsense-02 check_reload_status: rc.newwanip starting ovpns1
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults
Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services)
Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: on (IP address: 10.106.100.1) (interface: []) (real interface: ovpns1).
Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip called with empty interface.
Feb 13 09:54:59 pfsense-02 check_reload_status: Reloading filter
Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection -  ->  10.106.100.1 - Restarting packages.
Feb 13 09:54:59 pfsense-02 check_reload_status: Starting packages
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults
Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp
Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services)
Feb 13 09:55:00 pfsense-02 php-fpm[89552]: /rc.start_packages: Restarting/Starting all packages.

jimp

It's probably trying to verify the sync user (e.g. admin) password. Since it doesn't match LDAP, it falls back to local auth and succeeds.

On 2.4 you can use a custom username there, once you are on 2.4 you should be able to make that sync user in LDAP and it should be happy that way.

ljorgensen

Thanks, that makes sense. Would that also explain the 15-20 second wait for a sync to complete?

Oh, wait. I'm on 2.3.2 and I already have the ability to specify a sync user-name (attached, I hope). Can I specify an LDAP user here, or should I wait for 2.4?

jimp

On 2.3.x that field does nothing meaningful. 'admin' is hardcoded in the backend and assumed in a couple places. Have to wait for 2.4 for that.