Xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.



  • Hi,

    When synchronising from master to slave, the slave reports an LDAP error multiple times. As far as I know LDAP works fine. I can go into Diagnostics → Authentication and do LDAP auth on both the master and slave. What does the error mean?

    
    Feb 13 09:54:43 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
    Feb 13 09:54:46 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
    Feb 13 09:54:57 pfsense-02 check_reload_status: Syncing firewall
    Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
    Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter
    Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ROUTING: setting default route to 130.226.230.1
    Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: Resyncing OpenVPN instances.
    Feb 13 09:54:57 pfsense-02 kernel: ovpns1: link state changed to DOWN
    Feb 13 09:54:57 pfsense-02 check_reload_status: Reloading filter
    Feb 13 09:54:58 pfsense-02 kernel: ovpns1: link state changed to UP
    Feb 13 09:54:58 pfsense-02 check_reload_status: rc.newwanip starting ovpns1
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services)
    Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: Info: starting on ovpns1.
    Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip: on (IP address: 10.106.100.1) (interface: []) (real interface: ovpns1).
    Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: rc.newwanip called with empty interface.
    Feb 13 09:54:59 pfsense-02 check_reload_status: Reloading filter
    Feb 13 09:54:59 pfsense-02 php-fpm[89552]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection -  ->  10.106.100.1 - Restarting packages.
    Feb 13 09:54:59 pfsense-02 check_reload_status: Starting packages
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Starting reconfiguration
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Swapping defaults
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: readjusting service 6969-udp
    Feb 13 09:54:59 pfsense-02 xinetd[33035]: Reconfigured: new=0 old=1 dropped=0 (services)
    Feb 13 09:55:00 pfsense-02 php-fpm[89552]: /rc.start_packages: Restarting/Starting all packages.
    
    

  • Rebel Alliance Developer Netgate

    It's probably trying to verify the sync user (e.g. admin) password. Since it doesn't match LDAP, it falls back to local auth and succeeds.

    On 2.4 you can use a custom username there. Once you are on 2.4, you should be able to make that sync user in LDAP and it should be happy that way.



  • Thanks, that makes sense. Would that also explain the 15-20 second wait for a sync to complete?

    Oh, wait. I'm on 2.3.2 and I already have the ability to specify a sync user-name (attached, I hope). Can I specify an LDAP user here, or should I wait for 2.4?



  • Rebel Alliance Developer Netgate

    On 2.3.x that field does nothing meaningful. 'admin' is hardcoded in the backend and assumed in a couple places. Have to wait for 2.4 for that.
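A log triage sketch for the pattern discussed in this thread, added here as an example and not code from pfSense or from any poster. It separates LDAP errors logged by /xmlrpc.php close to a "Syncing firewall" event (the probable sync-user fallback described above) from the same error seen at other times. The 30-second window, the label names and the last sample line are assumptions.

```python
import re
from datetime import datetime, timedelta

LDAP_ERR = "ERROR! Either LDAP search failed, or multiple users were found."
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

# First four lines are from the thread; the last one is constructed.
SAMPLE = """\
Feb 13 09:54:43 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 09:54:46 pfsense-02 php-fpm[89552]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 09:54:57 pfsense-02 check_reload_status: Syncing firewall
Feb 13 09:54:57 pfsense-02 php-fpm[10931]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
Feb 13 11:30:02 pfsense-02 php-fpm[20211]: /xmlrpc.php: ERROR! Either LDAP search failed, or multiple users were found.
""".splitlines()

def parse(line):
    """Return (timestamp, process, message) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year; a fixed one is enough for time deltas.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["proc"], m["msg"]

def triage(lines, window=timedelta(seconds=30)):
    """Label each LDAP error as 'sync-fallback' or 'investigate'."""
    events = [e for e in map(parse, lines) if e]
    syncs = [ts for ts, proc, msg in events
             if proc == "check_reload_status" and msg == "Syncing firewall"]
    results = []
    for ts, proc, msg in events:
        if proc != "php-fpm" or LDAP_ERR not in msg:
            continue
        script = msg.split(":", 1)[0]  # e.g. "/xmlrpc.php"
        near_sync = any(abs(ts - s) <= window for s in syncs)
        label = ("sync-fallback" if script == "/xmlrpc.php" and near_sync
                 else "investigate")
        results.append((ts.strftime("%H:%M:%S"), script, label))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```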